summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2008-07-01 15:00:55 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2008-07-01 15:00:55 +0000
commitec17add7bc79551b55da5b3f390fa5e620127244 (patch)
treed6dd3dac752697b62aeac06e0d235f2631a6fcfd
parent9c78cb2146f35e6ffd5b0e0a09831b3f586c8f15 (diff)
Isakmpd acquire mode did not work with a config generated from
ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd
Diffstat
-rw-r--r--regress/sbin/ipsecctl/ike1.ok30
-rw-r--r--regress/sbin/ipsecctl/ike10.ok34
-rw-r--r--regress/sbin/ipsecctl/ike11.ok80
-rw-r--r--regress/sbin/ipsecctl/ike12.ok96
-rw-r--r--regress/sbin/ipsecctl/ike13.ok96
-rw-r--r--regress/sbin/ipsecctl/ike14.ok306
-rw-r--r--regress/sbin/ipsecctl/ike15.ok46
-rw-r--r--regress/sbin/ipsecctl/ike16.ok88
-rw-r--r--regress/sbin/ipsecctl/ike17.ok64
-rw-r--r--regress/sbin/ipsecctl/ike18.ok64
-rw-r--r--regress/sbin/ipsecctl/ike19.ok32
-rw-r--r--regress/sbin/ipsecctl/ike2.ok34
-rw-r--r--regress/sbin/ipsecctl/ike20.ok80
-rw-r--r--regress/sbin/ipsecctl/ike21.ok30
-rw-r--r--regress/sbin/ipsecctl/ike22.ok34
-rw-r--r--regress/sbin/ipsecctl/ike23.ok42
-rw-r--r--regress/sbin/ipsecctl/ike29.ok40
-rw-r--r--regress/sbin/ipsecctl/ike3.ok42
-rw-r--r--regress/sbin/ipsecctl/ike30.ok34
-rw-r--r--regress/sbin/ipsecctl/ike31.ok32
-rw-r--r--regress/sbin/ipsecctl/ike32.ok30
-rw-r--r--regress/sbin/ipsecctl/ike33.ok30
-rw-r--r--regress/sbin/ipsecctl/ike34.ok34
-rw-r--r--regress/sbin/ipsecctl/ike35.ok34
-rw-r--r--regress/sbin/ipsecctl/ike36.ok30
-rw-r--r--regress/sbin/ipsecctl/ike37.ok46
-rw-r--r--regress/sbin/ipsecctl/ike38.ok88
-rw-r--r--regress/sbin/ipsecctl/ike39.ok64
-rw-r--r--regress/sbin/ipsecctl/ike4.ok46
-rw-r--r--regress/sbin/ipsecctl/ike40.ok64
-rw-r--r--regress/sbin/ipsecctl/ike41.ok30
-rw-r--r--regress/sbin/ipsecctl/ike42.ok36
-rw-r--r--regress/sbin/ipsecctl/ike43.ok38
-rw-r--r--regress/sbin/ipsecctl/ike46.ok60
-rw-r--r--regress/sbin/ipsecctl/ike47.ok68
-rw-r--r--regress/sbin/ipsecctl/ike48.ok68
-rw-r--r--regress/sbin/ipsecctl/ike49.ok34
-rw-r--r--regress/sbin/ipsecctl/ike5.ok88
-rw-r--r--regress/sbin/ipsecctl/ike50.ok34
-rw-r--r--regress/sbin/ipsecctl/ike51.ok34
-rw-r--r--regress/sbin/ipsecctl/ike52.ok34
-rw-r--r--regress/sbin/ipsecctl/ike53.ok30
-rw-r--r--regress/sbin/ipsecctl/ike54.ok38
-rw-r--r--regress/sbin/ipsecctl/ike55.ok30
-rw-r--r--regress/sbin/ipsecctl/ike56.ok30
-rw-r--r--regress/sbin/ipsecctl/ike57.ok138
-rw-r--r--regress/sbin/ipsecctl/ike58.ok102
-rw-r--r--regress/sbin/ipsecctl/ike59.ok30
-rw-r--r--regress/sbin/ipsecctl/ike6.ok64
-rw-r--r--regress/sbin/ipsecctl/ike7.ok64
-rw-r--r--regress/sbin/ipsecctl/ike8.ok32
-rw-r--r--regress/sbin/ipsecctl/ike9.ok40
-rw-r--r--regress/sbin/ipsecctl/ikedel1.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel10.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel11.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel12.ok24
-rw-r--r--regress/sbin/ipsecctl/ikedel13.ok24
-rw-r--r--regress/sbin/ipsecctl/ikedel14.ok72
-rw-r--r--regress/sbin/ipsecctl/ikedel15.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel16.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel17.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel18.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel19.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel2.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel20.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel21.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel22.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel23.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel29.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel3.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel30.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel31.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel32.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel33.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel34.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel35.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel36.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel37.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel38.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel39.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel4.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel40.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel41.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel42.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel43.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel46.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel47.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel5.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel6.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel7.ok16
-rw-r--r--regress/sbin/ipsecctl/ikedel8.ok8
-rw-r--r--regress/sbin/ipsecctl/ikedel9.ok8
-rw-r--r--regress/sbin/ipsecctl/ikefail6.ok20
-rw-r--r--sbin/ipsecctl/ike.c241
-rw-r--r--sbin/ipsecctl/ipsecctl.c4
-rw-r--r--sbin/ipsecctl/ipsecctl.h3
-rw-r--r--sbin/isakmpd/pf_key_v2.c166
97 files changed, 1941 insertions, 1905 deletions
diff --git a/regress/sbin/ipsecctl/ike1.ok b/regress/sbin/ipsecctl/ike1.ok
index 6dd25d7df47..8a94ed9e94f 100644
--- a/regress/sbin/ipsecctl/ike1.ok
+++ b/regress/sbin/ipsecctl/ike1.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike10.ok b/regress/sbin/ipsecctl/ike10.ok
index 5c12e5d1f08..be106fe1f99 100644
--- a/regress/sbin/ipsecctl/ike10.ok
+++ b/regress/sbin/ipsecctl/ike10.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:192.168.200.1=peer-192.168.200.1 force
C set [peer-192.168.200.1]:Phase=1 force
C set [peer-192.168.200.1]:Address=192.168.200.1 force
-C set [peer-192.168.200.1]:Configuration=mm-192.168.200.1 force
-C set [mm-192.168.200.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.200.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Phase=2 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:ISAKMP-peer=peer-192.168.200.1 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Configuration=qm-192.168.100.1:0-97-192.168.200.1:0-97 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Local-ID=lid-192.168.100.1:0-97 force
-C set [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]:Remote-ID=rid-192.168.200.1:0-97 force
-C set [qm-192.168.100.1:0-97-192.168.200.1:0-97]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-192.168.100.1:0-97-192.168.200.1:0-97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-192.168.100.1:0-97]:ID-type=IPV4_ADDR force
-C set [lid-192.168.100.1:0-97]:Address=192.168.100.1 force
-C set [rid-192.168.200.1:0-97]:ID-type=IPV4_ADDR force
-C set [rid-192.168.200.1:0-97]:Address=192.168.200.1 force
-C set [lid-192.168.100.1:0-97]:Protocol=97 force
-C set [rid-192.168.200.1:0-97]:Protocol=97 force
-C add [Phase 2]:Connections=IPsec-192.168.100.1:0-97-192.168.200.1:0-97
+C set [peer-192.168.200.1]:Configuration=phase1-peer-192.168.200.1 force
+C set [phase1-peer-192.168.200.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.200.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Phase=2 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:ISAKMP-peer=peer-192.168.200.1 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Configuration=phase2-from-192.168.100.1=97-to-192.168.200.1=97 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Local-ID=from-192.168.100.1=97 force
+C set [from-192.168.100.1=97-to-192.168.200.1=97]:Remote-ID=to-192.168.200.1=97 force
+C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-192.168.100.1=97-to-192.168.200.1=97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-192.168.100.1=97]:ID-type=IPV4_ADDR force
+C set [from-192.168.100.1=97]:Address=192.168.100.1 force
+C set [to-192.168.200.1=97]:ID-type=IPV4_ADDR force
+C set [to-192.168.200.1=97]:Address=192.168.200.1 force
+C set [from-192.168.100.1=97]:Protocol=97 force
+C set [to-192.168.200.1=97]:Protocol=97 force
+C add [Phase 2]:Connections=from-192.168.100.1=97-to-192.168.200.1=97
diff --git a/regress/sbin/ipsecctl/ike11.ok b/regress/sbin/ipsecctl/ike11.ok
index e4d181ed6f2..ff637adcfe1 100644
--- a/regress/sbin/ipsecctl/ike11.ok
+++ b/regress/sbin/ipsecctl/ike11.ok
@@ -1,40 +1,40 @@
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike12.ok b/regress/sbin/ipsecctl/ike12.ok
index 717fae039db..2d00da756cf 100644
--- a/regress/sbin/ipsecctl/ike12.ok
+++ b/regress/sbin/ipsecctl/ike12.ok
@@ -2,57 +2,57 @@ TO = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
-C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
-C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Configuration=qm-1.1.1.1-2.2.2.0/24 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.0/24]:Remote-ID=rid-2.2.2.0/24 force
-C set [qm-1.1.1.1-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [rid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.0/24
+C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
+C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Configuration=phase2-from-1.1.1.1-to-2.2.2.0/24 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.0/24]:Remote-ID=to-2.2.2.0/24 force
+C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-2.2.2.0/24]:Network=2.2.2.0 force
+C set [to-2.2.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.0/24
C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
-C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
-C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Phase=2 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Configuration=qm-1.1.1.1-3.3.3.0/24 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-3.3.3.0/24]:Remote-ID=rid-3.3.3.0/24 force
-C set [qm-1.1.1.1-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [rid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-3.3.3.0/24
+C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
+C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Phase=2 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Configuration=phase2-from-1.1.1.1-to-3.3.3.0/24 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-3.3.3.0/24]:Remote-ID=to-3.3.3.0/24 force
+C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-3.3.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-3.3.3.0/24]:Network=3.3.3.0 force
+C set [to-3.3.3.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-3.3.3.0/24
C set [Phase 1]:5.5.5.5=peer-5.5.5.5 force
C set [peer-5.5.5.5]:Phase=1 force
C set [peer-5.5.5.5]:Address=5.5.5.5 force
-C set [peer-5.5.5.5]:Configuration=mm-5.5.5.5 force
-C set [mm-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Phase=2 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Configuration=qm-1.1.1.1-4.4.4.0/24 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force
-C set [qm-1.1.1.1-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-4.4.4.0/24
+C set [peer-5.5.5.5]:Configuration=phase1-peer-5.5.5.5 force
+C set [phase1-peer-5.5.5.5]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-5.5.5.5]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Phase=2 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:ISAKMP-peer=peer-5.5.5.5 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Configuration=phase2-from-1.1.1.1-to-4.4.4.0/24 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-4.4.4.0/24]:Remote-ID=to-4.4.4.0/24 force
+C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-4.4.4.0/24]:Network=4.4.4.0 force
+C set [to-4.4.4.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-4.4.4.0/24
diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok
index 9e8900effb5..29d0cb1baea 100644
--- a/regress/sbin/ipsecctl/ike13.ok
+++ b/regress/sbin/ipsecctl/ike13.ok
@@ -2,57 +2,57 @@ FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Configuration=qm-2.2.2.0/24-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-2.2.2.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-1.1.1.1
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Configuration=qm-3.3.3.0/24-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-3.3.3.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-1.1.1.1
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Configuration=qm-4.4.4.0/24-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-4.4.4.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-1.1.1.1
diff --git a/regress/sbin/ipsecctl/ike14.ok b/regress/sbin/ipsecctl/ike14.ok
index b43b0124466..40d894038ca 100644
--- a/regress/sbin/ipsecctl/ike14.ok
+++ b/regress/sbin/ipsecctl/ike14.ok
@@ -3,180 +3,180 @@ TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Phase=2 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Configuration=qm-2.2.2.0/24-5.5.5.0/24 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
-C set [qm-2.2.2.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
-C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-5.5.5.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Phase=2 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Configuration=qm-2.2.2.0/24-6.6.6.0/24 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
-C set [qm-2.2.2.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
-C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-6.6.6.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Phase=2 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Configuration=qm-2.2.2.0/24-7.7.7.0/24 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
-C set [qm-2.2.2.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
-C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-7.7.7.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Configuration=qm-3.3.3.0/24-5.5.5.0/24 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
-C set [qm-3.3.3.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
-C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-5.5.5.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Configuration=qm-3.3.3.0/24-6.6.6.0/24 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
-C set [qm-3.3.3.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
-C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-6.6.6.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Configuration=qm-3.3.3.0/24-7.7.7.0/24 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
-C set [qm-3.3.3.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
-C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-7.7.7.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Phase=2 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Configuration=qm-4.4.4.0/24-5.5.5.0/24 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-5.5.5.0/24]:Remote-ID=rid-5.5.5.0/24 force
-C set [qm-4.4.4.0/24-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-5.5.5.0/24]:Network=5.5.5.0 force
-C set [rid-5.5.5.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-5.5.5.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
+C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-5.5.5.0/24]:Network=5.5.5.0 force
+C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Phase=2 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Configuration=qm-4.4.4.0/24-6.6.6.0/24 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-6.6.6.0/24]:Remote-ID=rid-6.6.6.0/24 force
-C set [qm-4.4.4.0/24-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-6.6.6.0/24]:Network=6.6.6.0 force
-C set [rid-6.6.6.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-6.6.6.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
+C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-6.6.6.0/24]:Network=6.6.6.0 force
+C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Phase=2 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Configuration=qm-4.4.4.0/24-7.7.7.0/24 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-7.7.7.0/24]:Remote-ID=rid-7.7.7.0/24 force
-C set [qm-4.4.4.0/24-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-7.7.7.0/24]:Network=7.7.7.0 force
-C set [rid-7.7.7.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-7.7.7.0/24
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
+C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-7.7.7.0/24]:Network=7.7.7.0 force
+C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
diff --git a/regress/sbin/ipsecctl/ike15.ok b/regress/sbin/ipsecctl/ike15.ok
index 0e545f5f52d..db08bff6467 100644
--- a/regress/sbin/ipsecctl/ike15.ok
+++ b/regress/sbin/ipsecctl/ike15.ok
@@ -1,26 +1,26 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe::1]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::1]:Remote-ID=3ffe::1-ID force
-C set [3ffe::1-ID]:ID-type=FQDN force
-C set [3ffe::1-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe::1]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::1]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike16.ok b/regress/sbin/ipsecctl/ike16.ok
index f86a620f459..ff6deccc8fd 100644
--- a/regress/sbin/ipsecctl/ike16.ok
+++ b/regress/sbin/ipsecctl/ike16.ok
@@ -1,50 +1,50 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike17.ok b/regress/sbin/ipsecctl/ike17.ok
index 2907516ed91..1c92080f890 100644
--- a/regress/sbin/ipsecctl/ike17.ok
+++ b/regress/sbin/ipsecctl/ike17.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike18.ok b/regress/sbin/ipsecctl/ike18.ok
index 921141fe4a5..f9cd33a4eda 100644
--- a/regress/sbin/ipsecctl/ike18.ok
+++ b/regress/sbin/ipsecctl/ike18.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Local-ID=from-10.1.2.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Remote-ID=to-10.1.1.0/24 force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.2.0/24]:Network=10.1.2.0 force
+C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.1.0/24]:Network=10.1.1.0 force
+C set [to-10.1.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::29-3ffe::51]:Phase=2 force
-C set [IPsec-3ffe::29-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Configuration=qm-3ffe::29-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Local-ID=lid-3ffe::29 force
-C set [IPsec-3ffe::29-3ffe::51]:Remote-ID=rid-3ffe::51 force
-C set [qm-3ffe::29-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::29-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::29]:Address=3ffe::29 force
-C set [rid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::51]:Address=3ffe::51 force
-C add [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::29-to-3ffe::51]:Phase=2 force
+C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Local-ID=from-3ffe::29 force
+C set [from-3ffe::29-to-3ffe::51]:Remote-ID=to-3ffe::51 force
+C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::29]:ID-type=IPV6_ADDR force
+C set [from-3ffe::29]:Address=3ffe::29 force
+C set [to-3ffe::51]:ID-type=IPV6_ADDR force
+C set [to-3ffe::51]:Address=3ffe::51 force
+C add [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
diff --git a/regress/sbin/ipsecctl/ike19.ok b/regress/sbin/ipsecctl/ike19.ok
index 983ee8e92b2..fd7c14810b3 100644
--- a/regress/sbin/ipsecctl/ike19.ok
+++ b/regress/sbin/ipsecctl/ike19.ok
@@ -1,19 +1,19 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike2.ok b/regress/sbin/ipsecctl/ike2.ok
index 6642e436d06..ea58311e666 100644
--- a/regress/sbin/ipsecctl/ike2.ok
+++ b/regress/sbin/ipsecctl/ike2.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike20.ok b/regress/sbin/ipsecctl/ike20.ok
index e4d181ed6f2..ff637adcfe1 100644
--- a/regress/sbin/ipsecctl/ike20.ok
+++ b/regress/sbin/ipsecctl/ike20.ok
@@ -1,40 +1,40 @@
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
-C set [peer-192.168.3.1]:Phase=1 force
-C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Local-address=192.168.3.2 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
+C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
+C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike21.ok b/regress/sbin/ipsecctl/ike21.ok
index 80082e5178c..4767206f21b 100644
--- a/regress/sbin/ipsecctl/ike21.ok
+++ b/regress/sbin/ipsecctl/ike21.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:3ffe::2=peer-3ffe::2 force
C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
-C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force
-C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1-3ffe::2]:Phase=2 force
-C set [IPsec-3ffe::1-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force
-C set [IPsec-3ffe::1-3ffe::2]:Configuration=qm-3ffe::1-3ffe::2 force
-C set [IPsec-3ffe::1-3ffe::2]:Local-ID=lid-3ffe::1 force
-C set [IPsec-3ffe::1-3ffe::2]:Remote-ID=rid-3ffe::2 force
-C set [qm-3ffe::1-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::1]:Address=3ffe::1 force
-C set [rid-3ffe::2]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::2]:Address=3ffe::2 force
-C add [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2
+C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
+C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1-to-3ffe::2]:Phase=2 force
+C set [from-3ffe::1-to-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force
+C set [from-3ffe::1-to-3ffe::2]:Configuration=phase2-from-3ffe::1-to-3ffe::2 force
+C set [from-3ffe::1-to-3ffe::2]:Local-ID=from-3ffe::1 force
+C set [from-3ffe::1-to-3ffe::2]:Remote-ID=to-3ffe::2 force
+C set [phase2-from-3ffe::1-to-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1-to-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1]:ID-type=IPV6_ADDR force
+C set [from-3ffe::1]:Address=3ffe::1 force
+C set [to-3ffe::2]:ID-type=IPV6_ADDR force
+C set [to-3ffe::2]:Address=3ffe::2 force
+C add [Phase 2]:Connections=from-3ffe::1-to-3ffe::2
diff --git a/regress/sbin/ipsecctl/ike22.ok b/regress/sbin/ipsecctl/ike22.ok
index b83f728152f..e037df8f198 100644
--- a/regress/sbin/ipsecctl/ike22.ok
+++ b/regress/sbin/ipsecctl/ike22.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike23.ok b/regress/sbin/ipsecctl/ike23.ok
index 757db5a7315..00c58f8e05f 100644
--- a/regress/sbin/ipsecctl/ike23.ok
+++ b/regress/sbin/ipsecctl/ike23.ok
@@ -1,24 +1,24 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike29.ok b/regress/sbin/ipsecctl/ike29.ok
index ba6e2875e00..e0ac9d528ff 100644
--- a/regress/sbin/ipsecctl/ike29.ok
+++ b/regress/sbin/ipsecctl/ike29.ok
@@ -3,23 +3,23 @@ C set [General]:DPD-check-interval=5 force
C set [Phase 1]:3ffe:2::1=peer-3ffe:2::1 force
C set [peer-3ffe:2::1]:Phase=1 force
C set [peer-3ffe:2::1]:Address=3ffe:2::1 force
-C set [peer-3ffe:2::1]:Configuration=mm-3ffe:2::1 force
-C set [mm-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe:2::1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe:2::1]:ID=noname.my.domain-ID force
-C set [noname.my.domain-ID]:ID-type=FQDN force
-C set [noname.my.domain-ID]:Name=noname.my.domain force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Phase=2 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:ISAKMP-peer=peer-3ffe:2::1 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Configuration=qm-3ffe:3::/64-3ffe:4::/64 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Local-ID=lid-3ffe:3::/64 force
-C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Remote-ID=rid-3ffe:4::/64 force
-C set [qm-3ffe:3::/64-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:3::/64-3ffe:4::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:3::/64]:Network=3ffe:3:: force
-C set [lid-3ffe:3::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:4::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:4::/64]:Network=3ffe:4:: force
-C set [rid-3ffe:4::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:3::/64-3ffe:4::/64
+C set [peer-3ffe:2::1]:Configuration=phase1-peer-3ffe:2::1 force
+C set [phase1-peer-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe:2::1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe:2::1]:ID=id-noname.my.domain force
+C set [id-noname.my.domain]:ID-type=FQDN force
+C set [id-noname.my.domain]:Name=noname.my.domain force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Phase=2 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:ISAKMP-peer=peer-3ffe:2::1 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Configuration=phase2-from-3ffe:3::/64-to-3ffe:4::/64 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Local-ID=from-3ffe:3::/64 force
+C set [from-3ffe:3::/64-to-3ffe:4::/64]:Remote-ID=to-3ffe:4::/64 force
+C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:3::/64-to-3ffe:4::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:3::/64]:Network=3ffe:3:: force
+C set [from-3ffe:3::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:4::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:4::/64]:Network=3ffe:4:: force
+C set [to-3ffe:4::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:3::/64-to-3ffe:4::/64
diff --git a/regress/sbin/ipsecctl/ike3.ok b/regress/sbin/ipsecctl/ike3.ok
index be6f28aebb5..0c8bc8eb764 100644
--- a/regress/sbin/ipsecctl/ike3.ok
+++ b/regress/sbin/ipsecctl/ike3.ok
@@ -1,24 +1,24 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike30.ok b/regress/sbin/ipsecctl/ike30.ok
index d4856f07988..297f4293c9e 100644
--- a/regress/sbin/ipsecctl/ike30.ok
+++ b/regress/sbin/ipsecctl/ike30.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:3ffe::2=peer-3ffe::2 force
C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
-C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force
-C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Phase=2 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:ISAKMP-peer=peer-3ffe::2 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Configuration=qm-3ffe::1:0-97-3ffe::2:0-97 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Local-ID=lid-3ffe::1:0-97 force
-C set [IPsec-3ffe::1:0-97-3ffe::2:0-97]:Remote-ID=rid-3ffe::2:0-97 force
-C set [qm-3ffe::1:0-97-3ffe::2:0-97]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1:0-97-3ffe::2:0-97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1:0-97]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::1:0-97]:Address=3ffe::1 force
-C set [rid-3ffe::2:0-97]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::2:0-97]:Address=3ffe::2 force
-C set [lid-3ffe::1:0-97]:Protocol=97 force
-C set [rid-3ffe::2:0-97]:Protocol=97 force
-C add [Phase 2]:Connections=IPsec-3ffe::1:0-97-3ffe::2:0-97
+C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
+C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Phase=2 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:ISAKMP-peer=peer-3ffe::2 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Configuration=phase2-from-3ffe::1=97-to-3ffe::2=97 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Local-ID=from-3ffe::1=97 force
+C set [from-3ffe::1=97-to-3ffe::2=97]:Remote-ID=to-3ffe::2=97 force
+C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1=97-to-3ffe::2=97]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1=97]:ID-type=IPV6_ADDR force
+C set [from-3ffe::1=97]:Address=3ffe::1 force
+C set [to-3ffe::2=97]:ID-type=IPV6_ADDR force
+C set [to-3ffe::2=97]:Address=3ffe::2 force
+C set [from-3ffe::1=97]:Protocol=97 force
+C set [to-3ffe::2=97]:Protocol=97 force
+C add [Phase 2]:Connections=from-3ffe::1=97-to-3ffe::2=97
diff --git a/regress/sbin/ipsecctl/ike31.ok b/regress/sbin/ipsecctl/ike31.ok
index 8ece3d3eddf..eee8b862e70 100644
--- a/regress/sbin/ipsecctl/ike31.ok
+++ b/regress/sbin/ipsecctl/ike31.ok
@@ -1,19 +1,19 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:2::1-::/0]:Phase=2 force
-C set [IPsec-3ffe:2::1-::/0]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-3ffe:2::1-::/0]:Configuration=qm-3ffe:2::1-::/0 force
-C set [IPsec-3ffe:2::1-::/0]:Local-ID=lid-3ffe:2::1 force
-C set [IPsec-3ffe:2::1-::/0]:Remote-ID=rid-::/0 force
-C set [qm-3ffe:2::1-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:2::1-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:2::1]:ID-type=IPV6_ADDR force
-C set [lid-3ffe:2::1]:Address=3ffe:2::1 force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-3ffe:2::1-::/0
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:2::1-to-::/0]:Phase=2 force
+C set [from-3ffe:2::1-to-::/0]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-3ffe:2::1-to-::/0]:Configuration=phase2-from-3ffe:2::1-to-::/0 force
+C set [from-3ffe:2::1-to-::/0]:Local-ID=from-3ffe:2::1 force
+C set [from-3ffe:2::1-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-3ffe:2::1-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:2::1-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:2::1]:ID-type=IPV6_ADDR force
+C set [from-3ffe:2::1]:Address=3ffe:2::1 force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-3ffe:2::1-to-::/0
diff --git a/regress/sbin/ipsecctl/ike32.ok b/regress/sbin/ipsecctl/ike32.ok
index f45965c03ca..d2512e43795 100644
--- a/regress/sbin/ipsecctl/ike32.ok
+++ b/regress/sbin/ipsecctl/ike32.ok
@@ -2,18 +2,18 @@ C set [General]:Default-phase-2-lifetime=1200 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike33.ok b/regress/sbin/ipsecctl/ike33.ok
index ce33fbe4545..a26b9bbec77 100644
--- a/regress/sbin/ipsecctl/ike33.ok
+++ b/regress/sbin/ipsecctl/ike33.ok
@@ -2,18 +2,18 @@ C set [General]:Default-phase-1-lifetime=3600 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike34.ok b/regress/sbin/ipsecctl/ike34.ok
index 48b30a40058..d235efec245 100644
--- a/regress/sbin/ipsecctl/ike34.ok
+++ b/regress/sbin/ipsecctl/ike34.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force
C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
-C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force
-C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Phase=2 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:ISAKMP-peer=peer-1.2.3.4 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Configuration=qm-3ffe::1/24-3ffe:2::/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Local-ID=lid-3ffe::1/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Remote-ID=rid-3ffe:2::/24 force
-C set [qm-3ffe::1/24-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1/24-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe::1/24]:Network=3ffe::1 force
-C set [lid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
+C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
+C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-1.2.3.4 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Local-ID=from-3ffe::1/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Remote-ID=to-3ffe:2::/24 force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe::1/24]:Network=3ffe::1 force
+C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/24]:Network=3ffe:2:: force
+C set [to-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
diff --git a/regress/sbin/ipsecctl/ike35.ok b/regress/sbin/ipsecctl/ike35.ok
index 50f6a5f2d04..d74993925f9 100644
--- a/regress/sbin/ipsecctl/ike35.ok
+++ b/regress/sbin/ipsecctl/ike35.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force
C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
-C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force
-C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Phase=2 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Configuration=qm-3ffe:2::/24-3ffe::1/24 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Local-ID=lid-3ffe:2::/24 force
-C set [IPsec-3ffe:2::/24-3ffe::1/24]:Remote-ID=rid-3ffe::1/24 force
-C set [qm-3ffe:2::/24-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:2::/24-3ffe::1/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [lid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe::1/24]:Network=3ffe::1 force
-C set [rid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe:2::/24-3ffe::1/24
+C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
+C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Phase=2 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Configuration=phase2-from-3ffe:2::/24-to-3ffe::1/24 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Local-ID=from-3ffe:2::/24 force
+C set [from-3ffe:2::/24-to-3ffe::1/24]:Remote-ID=to-3ffe::1/24 force
+C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:2::/24-to-3ffe::1/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:2::/24]:Network=3ffe:2:: force
+C set [from-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe::1/24]:Network=3ffe::1 force
+C set [to-3ffe::1/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe:2::/24-to-3ffe::1/24
diff --git a/regress/sbin/ipsecctl/ike36.ok b/regress/sbin/ipsecctl/ike36.ok
index 7e20d273efe..625c965089b 100644
--- a/regress/sbin/ipsecctl/ike36.ok
+++ b/regress/sbin/ipsecctl/ike36.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::3-3ffe::4]:Phase=2 force
-C set [IPsec-3ffe::3-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-3ffe::3-3ffe::4]:Configuration=qm-3ffe::3-3ffe::4 force
-C set [IPsec-3ffe::3-3ffe::4]:Local-ID=lid-3ffe::3 force
-C set [IPsec-3ffe::3-3ffe::4]:Remote-ID=rid-3ffe::4 force
-C set [qm-3ffe::3-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::3-3ffe::4]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::3]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::3]:Address=3ffe::3 force
-C set [rid-3ffe::4]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::4]:Address=3ffe::4 force
-C add [Phase 2]:Connections=IPsec-3ffe::3-3ffe::4
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::3-to-3ffe::4]:Phase=2 force
+C set [from-3ffe::3-to-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-3ffe::3-to-3ffe::4]:Configuration=phase2-from-3ffe::3-to-3ffe::4 force
+C set [from-3ffe::3-to-3ffe::4]:Local-ID=from-3ffe::3 force
+C set [from-3ffe::3-to-3ffe::4]:Remote-ID=to-3ffe::4 force
+C set [phase2-from-3ffe::3-to-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::3-to-3ffe::4]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::3]:ID-type=IPV6_ADDR force
+C set [from-3ffe::3]:Address=3ffe::3 force
+C set [to-3ffe::4]:ID-type=IPV6_ADDR force
+C set [to-3ffe::4]:Address=3ffe::4 force
+C add [Phase 2]:Connections=from-3ffe::3-to-3ffe::4
diff --git a/regress/sbin/ipsecctl/ike37.ok b/regress/sbin/ipsecctl/ike37.ok
index 1968145afff..3a6fac15093 100644
--- a/regress/sbin/ipsecctl/ike37.ok
+++ b/regress/sbin/ipsecctl/ike37.ok
@@ -1,26 +1,26 @@
C set [Phase 1]:3ffe::1=peer-3ffe::1 force
C set [peer-3ffe::1]:Phase=1 force
C set [peer-3ffe::1]:Address=3ffe::1 force
-C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force
-C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-3ffe::1]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::1]:Remote-ID=3ffe::1-ID force
-C set [3ffe::1-ID]:ID-type=FQDN force
-C set [3ffe::1-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::1 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::1]:Configuration=phase1-peer-3ffe::1 force
+C set [phase1-peer-3ffe::1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-3ffe::1]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::1]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::1 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
diff --git a/regress/sbin/ipsecctl/ike38.ok b/regress/sbin/ipsecctl/ike38.ok
index 13b74889d00..3ff4fa5a0df 100644
--- a/regress/sbin/ipsecctl/ike38.ok
+++ b/regress/sbin/ipsecctl/ike38.ok
@@ -1,50 +1,50 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
-C set [peer-3ffe::29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force
-C set [3ffe::29-ID]:ID-type=FQDN force
-C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [peer-3ffe::29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-3ffe::29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike39.ok b/regress/sbin/ipsecctl/ike39.ok
index c8506d80108..8018391ca54 100644
--- a/regress/sbin/ipsecctl/ike39.ok
+++ b/regress/sbin/ipsecctl/ike39.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
C set [Phase 1]:3ffe::29=peer-3ffe::29 force
C set [peer-3ffe::29]:Phase=1 force
C set [peer-3ffe::29]:Address=3ffe::29 force
-C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force
-C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force
-C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force
-C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force
-C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force
-C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::51]:Address=3ffe::51 force
-C set [rid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::29]:Address=3ffe::29 force
-C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
+C set [peer-3ffe::29]:Configuration=phase1-peer-3ffe::29 force
+C set [phase1-peer-3ffe::29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::51-to-3ffe::29]:Phase=2 force
+C set [from-3ffe::51-to-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Configuration=phase2-from-3ffe::51-to-3ffe::29 force
+C set [from-3ffe::51-to-3ffe::29]:Local-ID=from-3ffe::51 force
+C set [from-3ffe::51-to-3ffe::29]:Remote-ID=to-3ffe::29 force
+C set [phase2-from-3ffe::51-to-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::51-to-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::51]:ID-type=IPV6_ADDR force
+C set [from-3ffe::51]:Address=3ffe::51 force
+C set [to-3ffe::29]:ID-type=IPV6_ADDR force
+C set [to-3ffe::29]:Address=3ffe::29 force
+C add [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
diff --git a/regress/sbin/ipsecctl/ike4.ok b/regress/sbin/ipsecctl/ike4.ok
index b9a2bf786ec..17ab6560fd9 100644
--- a/regress/sbin/ipsecctl/ike4.ok
+++ b/regress/sbin/ipsecctl/ike4.ok
@@ -1,26 +1,26 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike40.ok b/regress/sbin/ipsecctl/ike40.ok
index 6422f0fc840..9b283cab45c 100644
--- a/regress/sbin/ipsecctl/ike40.ok
+++ b/regress/sbin/ipsecctl/ike40.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force
-C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe:1::/64]:Network=3ffe:1:: force
-C set [lid-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/64]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
-C add [Phase 2]:Passive-Connections=IPsec-3ffe:1::/64-3ffe:2::/64
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force
+C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe:1::/64]:Network=3ffe:1:: force
+C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/64]:Network=3ffe:2:: force
+C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force
+C add [Phase 2]:Passive-Connections=from-3ffe:1::/64-to-3ffe:2::/64
C set [Phase 1]:3ffe::51=peer-3ffe::51 force
C set [peer-3ffe::51]:Phase=1 force
C set [peer-3ffe::51]:Address=3ffe::51 force
-C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force
-C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::29-3ffe::51]:Phase=2 force
-C set [IPsec-3ffe::29-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Configuration=qm-3ffe::29-3ffe::51 force
-C set [IPsec-3ffe::29-3ffe::51]:Local-ID=lid-3ffe::29 force
-C set [IPsec-3ffe::29-3ffe::51]:Remote-ID=rid-3ffe::51 force
-C set [qm-3ffe::29-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::29-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::29]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::29]:Address=3ffe::29 force
-C set [rid-3ffe::51]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::51]:Address=3ffe::51 force
-C add [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
+C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force
+C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::29-to-3ffe::51]:Phase=2 force
+C set [from-3ffe::29-to-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Configuration=phase2-from-3ffe::29-to-3ffe::51 force
+C set [from-3ffe::29-to-3ffe::51]:Local-ID=from-3ffe::29 force
+C set [from-3ffe::29-to-3ffe::51]:Remote-ID=to-3ffe::51 force
+C set [phase2-from-3ffe::29-to-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::29-to-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::29]:ID-type=IPV6_ADDR force
+C set [from-3ffe::29]:Address=3ffe::29 force
+C set [to-3ffe::51]:ID-type=IPV6_ADDR force
+C set [to-3ffe::51]:Address=3ffe::51 force
+C add [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
diff --git a/regress/sbin/ipsecctl/ike41.ok b/regress/sbin/ipsecctl/ike41.ok
index bd56c47c595..d69595c4ae4 100644
--- a/regress/sbin/ipsecctl/ike41.ok
+++ b/regress/sbin/ipsecctl/ike41.ok
@@ -3,18 +3,18 @@ C set [General]:Default-phase-2-lifetime=1200 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike42.ok b/regress/sbin/ipsecctl/ike42.ok
index 1781b717f08..b385bd5687d 100644
--- a/regress/sbin/ipsecctl/ike42.ok
+++ b/regress/sbin/ipsecctl/ike42.ok
@@ -1,21 +1,21 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Phase=2 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Configuration=qm-1.1.1.1:123-17-2.2.2.2:0-17 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Local-ID=lid-1.1.1.1:123-17 force
-C set [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]:Remote-ID=rid-2.2.2.2:0-17 force
-C set [qm-1.1.1.1:123-17-2.2.2.2:0-17]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1:123-17-2.2.2.2:0-17]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1:123-17]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1:123-17]:Address=1.1.1.1 force
-C set [rid-2.2.2.2:0-17]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2:0-17]:Address=2.2.2.2 force
-C set [lid-1.1.1.1:123-17]:Protocol=17 force
-C set [rid-2.2.2.2:0-17]:Protocol=17 force
-C set [lid-1.1.1.1:123-17]:Port=123 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1:123-17-2.2.2.2:0-17
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Phase=2 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Configuration=phase2-from-1.1.1.1=17:123-to-2.2.2.2=17 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Local-ID=from-1.1.1.1=17:123 force
+C set [from-1.1.1.1=17:123-to-2.2.2.2=17]:Remote-ID=to-2.2.2.2=17 force
+C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1=17:123]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1=17:123]:Address=1.1.1.1 force
+C set [to-2.2.2.2=17]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2=17]:Address=2.2.2.2 force
+C set [from-1.1.1.1=17:123]:Protocol=17 force
+C set [to-2.2.2.2=17]:Protocol=17 force
+C set [from-1.1.1.1=17:123]:Port=123 force
+C add [Phase 2]:Connections=from-1.1.1.1=17:123-to-2.2.2.2=17
diff --git a/regress/sbin/ipsecctl/ike43.ok b/regress/sbin/ipsecctl/ike43.ok
index c3c4c705ff7..faabc9ff618 100644
--- a/regress/sbin/ipsecctl/ike43.ok
+++ b/regress/sbin/ipsecctl/ike43.ok
@@ -1,22 +1,22 @@
C set [Phase 1]:3ffe::2=peer-3ffe::2 force
C set [peer-3ffe::2]:Phase=1 force
C set [peer-3ffe::2]:Address=3ffe::2 force
-C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force
-C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Phase=2 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:ISAKMP-peer=peer-3ffe::2 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Configuration=qm-3ffe::1:2022-6-3ffe::2:22-6 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Local-ID=lid-3ffe::1:2022-6 force
-C set [IPsec-3ffe::1:2022-6-3ffe::2:22-6]:Remote-ID=rid-3ffe::2:22-6 force
-C set [qm-3ffe::1:2022-6-3ffe::2:22-6]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1:2022-6-3ffe::2:22-6]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1:2022-6]:ID-type=IPV6_ADDR force
-C set [lid-3ffe::1:2022-6]:Address=3ffe::1 force
-C set [rid-3ffe::2:22-6]:ID-type=IPV6_ADDR force
-C set [rid-3ffe::2:22-6]:Address=3ffe::2 force
-C set [lid-3ffe::1:2022-6]:Protocol=6 force
-C set [rid-3ffe::2:22-6]:Protocol=6 force
-C set [lid-3ffe::1:2022-6]:Port=2022 force
-C set [rid-3ffe::2:22-6]:Port=22 force
-C add [Phase 2]:Connections=IPsec-3ffe::1:2022-6-3ffe::2:22-6
+C set [peer-3ffe::2]:Configuration=phase1-peer-3ffe::2 force
+C set [phase1-peer-3ffe::2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-3ffe::2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Phase=2 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:ISAKMP-peer=peer-3ffe::2 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Configuration=phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Local-ID=from-3ffe::1=6:2022 force
+C set [from-3ffe::1=6:2022-to-3ffe::2=6:22]:Remote-ID=to-3ffe::2=6:22 force
+C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1=6:2022]:ID-type=IPV6_ADDR force
+C set [from-3ffe::1=6:2022]:Address=3ffe::1 force
+C set [to-3ffe::2=6:22]:ID-type=IPV6_ADDR force
+C set [to-3ffe::2=6:22]:Address=3ffe::2 force
+C set [from-3ffe::1=6:2022]:Protocol=6 force
+C set [to-3ffe::2=6:22]:Protocol=6 force
+C set [from-3ffe::1=6:2022]:Port=2022 force
+C set [to-3ffe::2=6:22]:Port=22 force
+C add [Phase 2]:Connections=from-3ffe::1=6:2022-to-3ffe::2=6:22
diff --git a/regress/sbin/ipsecctl/ike46.ok b/regress/sbin/ipsecctl/ike46.ok
index 0b85fe1216f..c52acd23f1d 100644
--- a/regress/sbin/ipsecctl/ike46.ok
+++ b/regress/sbin/ipsecctl/ike46.ok
@@ -1,36 +1,36 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-TRP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-ESP-TRP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike47.ok b/regress/sbin/ipsecctl/ike47.ok
index 43d908869e6..8d13650a978 100644
--- a/regress/sbin/ipsecctl/ike47.ok
+++ b/regress/sbin/ipsecctl/ike47.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-0.0.0.0/0]:Network=0.0.0.0 force
+C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
diff --git a/regress/sbin/ipsecctl/ike48.ok b/regress/sbin/ipsecctl/ike48.ok
index 625c82d2a4c..493ddc598a5 100644
--- a/regress/sbin/ipsecctl/ike48.ok
+++ b/regress/sbin/ipsecctl/ike48.ok
@@ -1,40 +1,40 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-0.0.0.0/0]:Network=0.0.0.0 force
+C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
diff --git a/regress/sbin/ipsecctl/ike49.ok b/regress/sbin/ipsecctl/ike49.ok
index 48b43dc2f5e..cce2e81d578 100644
--- a/regress/sbin/ipsecctl/ike49.ok
+++ b/regress/sbin/ipsecctl/ike49.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-default force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-default force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike5.ok b/regress/sbin/ipsecctl/ike5.ok
index 2488919ccf7..3cd131f1c24 100644
--- a/regress/sbin/ipsecctl/ike5.ok
+++ b/regress/sbin/ipsecctl/ike5.ok
@@ -1,50 +1,50 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=3DES-SHA-GRP15-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-GRP15-RSA_SIG force
-C set [peer-131.188.33.29]:ID=sharleena.as10.net-ID force
-C set [sharleena.as10.net-ID]:ID-type=FQDN force
-C set [sharleena.as10.net-ID]:Name=sharleena.as10.net force
-C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
-C set [131.188.33.29-ID]:ID-type=FQDN force
-C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-GRP15-RSA_SIG force
+C set [peer-131.188.33.29]:ID=id-sharleena.as10.net force
+C set [id-sharleena.as10.net]:ID-type=FQDN force
+C set [id-sharleena.as10.net]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=id-faui31o.informatik.uni-erlangen.de force
+C set [id-faui31o.informatik.uni-erlangen.de]:ID-type=FQDN force
+C set [id-faui31o.informatik.uni-erlangen.de]:Name=faui31o.informatik.uni-erlangen.de force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike50.ok b/regress/sbin/ipsecctl/ike50.ok
index 942947628d8..d18632cc315 100644
--- a/regress/sbin/ipsecctl/ike50.ok
+++ b/regress/sbin/ipsecctl/ike50.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=1.1.1.1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:ISAKMP-peer=peer-default force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Configuration=qm-10.1.1.0/24-10.2.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.2.2.0/24]:Remote-ID=rid-10.2.2.0/24 force
-C set [qm-10.1.1.0/24-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.2.2.0/24]:Network=10.2.2.0 force
-C set [rid-10.2.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.2.2.0/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:ISAKMP-peer=peer-default force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.2.2.0/24 force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.2.2.0/24]:Remote-ID=to-10.2.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.2.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.2.2.0/24]:Network=10.2.2.0 force
+C set [to-10.2.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.2.2.0/24
diff --git a/regress/sbin/ipsecctl/ike51.ok b/regress/sbin/ipsecctl/ike51.ok
index 63ed7853e29..7748a47ecfe 100644
--- a/regress/sbin/ipsecctl/ike51.ok
+++ b/regress/sbin/ipsecctl/ike51.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Authentication=mekmitasdigoat force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Phase=2 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:ISAKMP-peer=peer-default force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Configuration=qm-3ffe::1/24-3ffe:2::/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Local-ID=lid-3ffe::1/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Remote-ID=rid-3ffe:2::/24 force
-C set [qm-3ffe::1/24-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1/24-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe::1/24]:Network=3ffe::1 force
-C set [lid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Local-ID=from-3ffe::1/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Remote-ID=to-3ffe:2::/24 force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe::1/24]:Network=3ffe::1 force
+C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/24]:Network=3ffe:2:: force
+C set [to-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
diff --git a/regress/sbin/ipsecctl/ike52.ok b/regress/sbin/ipsecctl/ike52.ok
index 91dab9d5009..26ab38fa24c 100644
--- a/regress/sbin/ipsecctl/ike52.ok
+++ b/regress/sbin/ipsecctl/ike52.ok
@@ -1,20 +1,20 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=3ffe::3 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Phase=2 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:ISAKMP-peer=peer-default force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Configuration=qm-3ffe::1/24-3ffe:2::/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Local-ID=lid-3ffe::1/24 force
-C set [IPsec-3ffe::1/24-3ffe:2::/24]:Remote-ID=rid-3ffe:2::/24 force
-C set [qm-3ffe::1/24-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3ffe::1/24-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-3ffe::1/24]:Network=3ffe::1 force
-C set [lid-3ffe::1/24]:Netmask=ffff:ff00:: force
-C set [rid-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-3ffe:2::/24]:Network=3ffe:2:: force
-C set [rid-3ffe:2::/24]:Netmask=ffff:ff00:: force
-C add [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Phase=2 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:ISAKMP-peer=peer-default force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Configuration=phase2-from-3ffe::1/24-to-3ffe:2::/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Local-ID=from-3ffe::1/24 force
+C set [from-3ffe::1/24-to-3ffe:2::/24]:Remote-ID=to-3ffe:2::/24 force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3ffe::1/24-to-3ffe:2::/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-3ffe::1/24]:Network=3ffe::1 force
+C set [from-3ffe::1/24]:Netmask=ffff:ff00:: force
+C set [to-3ffe:2::/24]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-3ffe:2::/24]:Network=3ffe:2:: force
+C set [to-3ffe:2::/24]:Netmask=ffff:ff00:: force
+C add [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
diff --git a/regress/sbin/ipsecctl/ike53.ok b/regress/sbin/ipsecctl/ike53.ok
index 884712edaef..f9b8c2e00aa 100644
--- a/regress/sbin/ipsecctl/ike53.ok
+++ b/regress/sbin/ipsecctl/ike53.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike54.ok b/regress/sbin/ipsecctl/ike54.ok
index 6852dc1ab7b..ba71199c199 100644
--- a/regress/sbin/ipsecctl/ike54.ok
+++ b/regress/sbin/ipsecctl/ike54.ok
@@ -1,21 +1,21 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Phase=2 force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:ISAKMP-peer=peer-default force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Configuration=qm-1.1.1.1:123-17-0.0.0.0/0:0-17 force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Local-ID=lid-1.1.1.1:123-17 force
-C set [IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17]:Remote-ID=rid-0.0.0.0/0:0-17 force
-C set [qm-1.1.1.1:123-17-0.0.0.0/0:0-17]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1:123-17-0.0.0.0/0:0-17]:Suites=QM-AH-TRP-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1:123-17]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1:123-17]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0:0-17]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0:0-17]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0:0-17]:Netmask=0.0.0.0 force
-C set [lid-1.1.1.1:123-17]:Protocol=17 force
-C set [rid-0.0.0.0/0:0-17]:Protocol=17 force
-C set [lid-1.1.1.1:123-17]:Port=123 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1:123-17-0.0.0.0/0:0-17
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Phase=2 force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:ISAKMP-peer=peer-default force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Configuration=phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17 force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Local-ID=from-1.1.1.1=17:123 force
+C set [from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Remote-ID=to-0.0.0.0/0=17 force
+C set [phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1=17:123-to-0.0.0.0/0=17]:Suites=QM-AH-TRP-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1=17:123]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1=17:123]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0=17]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0=17]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0=17]:Netmask=0.0.0.0 force
+C set [from-1.1.1.1=17:123]:Protocol=17 force
+C set [to-0.0.0.0/0=17]:Protocol=17 force
+C set [from-1.1.1.1=17:123]:Port=123 force
+C add [Phase 2]:Connections=from-1.1.1.1=17:123-to-0.0.0.0/0=17
diff --git a/regress/sbin/ipsecctl/ike55.ok b/regress/sbin/ipsecctl/ike55.ok
index 02d884ecc17..3afcf17b93a 100644
--- a/regress/sbin/ipsecctl/ike55.ok
+++ b/regress/sbin/ipsecctl/ike55.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH-MD5-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force
-C set [rid-2.2.2.2]:Address=2.2.2.2 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH-MD5-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-2.2.2.2]:ID-type=IPV4_ADDR force
+C set [to-2.2.2.2]:Address=2.2.2.2 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
diff --git a/regress/sbin/ipsecctl/ike56.ok b/regress/sbin/ipsecctl/ike56.ok
index 2891999b60e..c41b62ec22b 100644
--- a/regress/sbin/ipsecctl/ike56.ok
+++ b/regress/sbin/ipsecctl/ike56.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:127.0.0.1=peer-127.0.0.1 force
C set [peer-127.0.0.1]:Phase=1 force
C set [peer-127.0.0.1]:Address=127.0.0.1 force
-C set [peer-127.0.0.1]:Configuration=mm-127.0.0.1 force
-C set [mm-127.0.0.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-127.0.0.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-127.0.0.1-127.0.0.1]:Phase=2 force
-C set [IPsec-127.0.0.1-127.0.0.1]:ISAKMP-peer=peer-127.0.0.1 force
-C set [IPsec-127.0.0.1-127.0.0.1]:Configuration=qm-127.0.0.1-127.0.0.1 force
-C set [IPsec-127.0.0.1-127.0.0.1]:Local-ID=lid-127.0.0.1 force
-C set [IPsec-127.0.0.1-127.0.0.1]:Remote-ID=rid-127.0.0.1 force
-C set [qm-127.0.0.1-127.0.0.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-127.0.0.1-127.0.0.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-127.0.0.1]:ID-type=IPV4_ADDR force
-C set [lid-127.0.0.1]:Address=127.0.0.1 force
-C set [rid-127.0.0.1]:ID-type=IPV4_ADDR force
-C set [rid-127.0.0.1]:Address=127.0.0.1 force
-C add [Phase 2]:Passive-Connections=IPsec-127.0.0.1-127.0.0.1
+C set [peer-127.0.0.1]:Configuration=phase1-peer-127.0.0.1 force
+C set [phase1-peer-127.0.0.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-127.0.0.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-127.0.0.1-to-127.0.0.1]:Phase=2 force
+C set [from-127.0.0.1-to-127.0.0.1]:ISAKMP-peer=peer-127.0.0.1 force
+C set [from-127.0.0.1-to-127.0.0.1]:Configuration=phase2-from-127.0.0.1-to-127.0.0.1 force
+C set [from-127.0.0.1-to-127.0.0.1]:Local-ID=from-127.0.0.1 force
+C set [from-127.0.0.1-to-127.0.0.1]:Remote-ID=to-127.0.0.1 force
+C set [phase2-from-127.0.0.1-to-127.0.0.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-127.0.0.1-to-127.0.0.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-127.0.0.1]:ID-type=IPV4_ADDR force
+C set [from-127.0.0.1]:Address=127.0.0.1 force
+C set [to-127.0.0.1]:ID-type=IPV4_ADDR force
+C set [to-127.0.0.1]:Address=127.0.0.1 force
+C add [Phase 2]:Passive-Connections=from-127.0.0.1-to-127.0.0.1
diff --git a/regress/sbin/ipsecctl/ike57.ok b/regress/sbin/ipsecctl/ike57.ok
index 6f77ea5f6fa..b99305288b1 100644
--- a/regress/sbin/ipsecctl/ike57.ok
+++ b/regress/sbin/ipsecctl/ike57.ok
@@ -1,78 +1,78 @@
C set [Phase 1]:192.168.0.1=peer-192.168.0.1 force
C set [peer-192.168.0.1]:Phase=1 force
C set [peer-192.168.0.1]:Address=192.168.0.1 force
-C set [peer-192.168.0.1]:Configuration=mm-192.168.0.1 force
-C set [mm-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.0.1]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-192.168.0.1]:ID=me@example.com-ID force
-C set [me@example.com-ID]:ID-type=USER_FQDN force
-C set [me@example.com-ID]:Name=me@example.com force
-C set [peer-192.168.0.1]:Remote-ID=192.168.0.1-ID force
-C set [192.168.0.1-ID]:ID-type=FQDN force
-C set [192.168.0.1-ID]:Name=other.example.com force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Phase=2 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:ISAKMP-peer=peer-192.168.0.1 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Configuration=qm-10.0.0.0/24-10.0.1.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Local-ID=lid-10.0.0.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.1.0/24]:Remote-ID=rid-10.0.1.0/24 force
-C set [qm-10.0.0.0/24-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.0/24-10.0.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.0.0.0/24]:Network=10.0.0.0 force
-C set [lid-10.0.0.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.0.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.0.1.0/24]:Network=10.0.1.0 force
-C set [rid-10.0.1.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.0.0.0/24-10.0.1.0/24
+C set [peer-192.168.0.1]:Configuration=phase1-peer-192.168.0.1 force
+C set [phase1-peer-192.168.0.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.0.1]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-192.168.0.1]:ID=id-me@example.com force
+C set [id-me@example.com]:ID-type=USER_FQDN force
+C set [id-me@example.com]:Name=me@example.com force
+C set [peer-192.168.0.1]:Remote-ID=id-other.example.com force
+C set [id-other.example.com]:ID-type=FQDN force
+C set [id-other.example.com]:Name=other.example.com force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Phase=2 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:ISAKMP-peer=peer-192.168.0.1 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.1.0/24 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Local-ID=from-10.0.0.0/24 force
+C set [from-10.0.0.0/24-to-10.0.1.0/24]:Remote-ID=to-10.0.1.0/24 force
+C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.0/24-to-10.0.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.0.0.0/24]:Network=10.0.0.0 force
+C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
+C set [to-10.0.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.0.1.0/24]:Network=10.0.1.0 force
+C set [to-10.0.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.1.0/24
C set [Phase 1]:192.168.0.2=peer-192.168.0.2 force
C set [peer-192.168.0.2]:Phase=1 force
C set [peer-192.168.0.2]:Address=192.168.0.2 force
-C set [peer-192.168.0.2]:Configuration=mm-192.168.0.2 force
-C set [mm-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.0.2]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-192.168.0.2]:ID=me@example.com-ID force
-C set [me@example.com-ID]:ID-type=USER_FQDN force
-C set [me@example.com-ID]:Name=me@example.com force
-C set [peer-192.168.0.2]:Remote-ID=192.168.0.2-ID force
-C set [192.168.0.2-ID]:ID-type=USER_FQDN force
-C set [192.168.0.2-ID]:Name=other@example.com force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Phase=2 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:ISAKMP-peer=peer-192.168.0.2 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Configuration=qm-10.0.0.0/24-10.0.2.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Local-ID=lid-10.0.0.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.2.0/24]:Remote-ID=rid-10.0.2.0/24 force
-C set [qm-10.0.0.0/24-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.0/24-10.0.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.0.0.0/24]:Network=10.0.0.0 force
-C set [lid-10.0.0.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.0.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.0.2.0/24]:Network=10.0.2.0 force
-C set [rid-10.0.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.0.0.0/24-10.0.2.0/24
+C set [peer-192.168.0.2]:Configuration=phase1-peer-192.168.0.2 force
+C set [phase1-peer-192.168.0.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.0.2]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-192.168.0.2]:ID=id-me@example.com force
+C set [id-me@example.com]:ID-type=USER_FQDN force
+C set [id-me@example.com]:Name=me@example.com force
+C set [peer-192.168.0.2]:Remote-ID=id-other@example.com force
+C set [id-other@example.com]:ID-type=USER_FQDN force
+C set [id-other@example.com]:Name=other@example.com force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Phase=2 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:ISAKMP-peer=peer-192.168.0.2 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.2.0/24 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Local-ID=from-10.0.0.0/24 force
+C set [from-10.0.0.0/24-to-10.0.2.0/24]:Remote-ID=to-10.0.2.0/24 force
+C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.0/24-to-10.0.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.0.0.0/24]:Network=10.0.0.0 force
+C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
+C set [to-10.0.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.0.2.0/24]:Network=10.0.2.0 force
+C set [to-10.0.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.2.0/24
C set [Phase 1]:192.168.0.3=peer-192.168.0.3 force
C set [peer-192.168.0.3]:Phase=1 force
C set [peer-192.168.0.3]:Address=192.168.0.3 force
-C set [peer-192.168.0.3]:Configuration=mm-192.168.0.3 force
-C set [mm-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.0.3]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-192.168.0.3]:ID=me.example.com-ID force
-C set [me.example.com-ID]:ID-type=FQDN force
-C set [me.example.com-ID]:Name=me.example.com force
-C set [peer-192.168.0.3]:Remote-ID=192.168.0.3-ID force
-C set [192.168.0.3-ID]:ID-type=USER_FQDN force
-C set [192.168.0.3-ID]:Name=other@example.com force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Phase=2 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:ISAKMP-peer=peer-192.168.0.3 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Configuration=qm-10.0.0.0/24-10.0.3.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Local-ID=lid-10.0.0.0/24 force
-C set [IPsec-10.0.0.0/24-10.0.3.0/24]:Remote-ID=rid-10.0.3.0/24 force
-C set [qm-10.0.0.0/24-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.0/24-10.0.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.0.0.0/24]:Network=10.0.0.0 force
-C set [lid-10.0.0.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.0.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.0.3.0/24]:Network=10.0.3.0 force
-C set [rid-10.0.3.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.0.0.0/24-10.0.3.0/24
+C set [peer-192.168.0.3]:Configuration=phase1-peer-192.168.0.3 force
+C set [phase1-peer-192.168.0.3]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.0.3]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-192.168.0.3]:ID=id-me.example.com force
+C set [id-me.example.com]:ID-type=FQDN force
+C set [id-me.example.com]:Name=me.example.com force
+C set [peer-192.168.0.3]:Remote-ID=id-other@example.com force
+C set [id-other@example.com]:ID-type=USER_FQDN force
+C set [id-other@example.com]:Name=other@example.com force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Phase=2 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:ISAKMP-peer=peer-192.168.0.3 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Configuration=phase2-from-10.0.0.0/24-to-10.0.3.0/24 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Local-ID=from-10.0.0.0/24 force
+C set [from-10.0.0.0/24-to-10.0.3.0/24]:Remote-ID=to-10.0.3.0/24 force
+C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.0/24-to-10.0.3.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.0.0.0/24]:Network=10.0.0.0 force
+C set [from-10.0.0.0/24]:Netmask=255.255.255.0 force
+C set [to-10.0.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.0.3.0/24]:Network=10.0.3.0 force
+C set [to-10.0.3.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.0.0.0/24-to-10.0.3.0/24
diff --git a/regress/sbin/ipsecctl/ike58.ok b/regress/sbin/ipsecctl/ike58.ok
index 55716265dd3..bc2f331a252 100644
--- a/regress/sbin/ipsecctl/ike58.ok
+++ b/regress/sbin/ipsecctl/ike58.ok
@@ -1,57 +1,57 @@
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
-C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
+C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-0.0.0.0/0]:Network=0.0.0.0 force
+C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
-C set [peer-default]:Configuration=mm-default force
-C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-::/0-::/0]:Phase=2 force
-C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
-C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
-C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
-C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
-C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [lid-::/0]:Network=:: force
-C set [lid-::/0]:Netmask=:: force
-C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
-C set [rid-::/0]:Network=:: force
-C set [rid-::/0]:Netmask=:: force
-C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [peer-default]:Configuration=phase1-peer-default force
+C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-default]:Transforms=AES-SHA-RSA_SIG force
+C set [from-::/0-to-::/0]:Phase=2 force
+C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
+C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
+C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
+C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
+C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-::/0-to-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [from-::/0]:Network=:: force
+C set [from-::/0]:Netmask=:: force
+C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [to-::/0]:Network=:: force
+C set [to-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=from-::/0-to-::/0
diff --git a/regress/sbin/ipsecctl/ike59.ok b/regress/sbin/ipsecctl/ike59.ok
index aa1ccfe07b1..1ed5bb4c6bf 100644
--- a/regress/sbin/ipsecctl/ike59.ok
+++ b/regress/sbin/ipsecctl/ike59.ok
@@ -1,18 +1,18 @@
C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force
C set [peer-1.2.3.4]:Phase=1 force
C set [peer-1.2.3.4]:Address=1.2.3.4 force
-C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force
-C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Phase=2 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:ISAKMP-peer=peer-1.2.3.4 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Configuration=qm-10.0.0.1/32-10.0.0.2/32 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Local-ID=lid-10.0.0.1/32 force
-C set [IPsec-10.0.0.1/32-10.0.0.2/32]:Remote-ID=rid-10.0.0.2/32 force
-C set [qm-10.0.0.1/32-10.0.0.2/32]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.0.0.1/32-10.0.0.2/32]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.0.0.1/32]:ID-type=IPV4_ADDR force
-C set [lid-10.0.0.1/32]:Address=10.0.0.1 force
-C set [rid-10.0.0.2/32]:ID-type=IPV4_ADDR force
-C set [rid-10.0.0.2/32]:Address=10.0.0.2 force
-C add [Phase 2]:Connections=IPsec-10.0.0.1/32-10.0.0.2/32
+C set [peer-1.2.3.4]:Configuration=phase1-peer-1.2.3.4 force
+C set [phase1-peer-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.2.3.4]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Phase=2 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:ISAKMP-peer=peer-1.2.3.4 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Configuration=phase2-from-10.0.0.1/32-to-10.0.0.2/32 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Local-ID=from-10.0.0.1/32 force
+C set [from-10.0.0.1/32-to-10.0.0.2/32]:Remote-ID=to-10.0.0.2/32 force
+C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.0.0.1/32-to-10.0.0.2/32]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.0.0.1/32]:ID-type=IPV4_ADDR force
+C set [from-10.0.0.1/32]:Address=10.0.0.1 force
+C set [to-10.0.0.2/32]:ID-type=IPV4_ADDR force
+C set [to-10.0.0.2/32]:Address=10.0.0.2 force
+C add [Phase 2]:Connections=from-10.0.0.1/32-to-10.0.0.2/32
diff --git a/regress/sbin/ipsecctl/ike6.ok b/regress/sbin/ipsecctl/ike6.ok
index 6e46035c7c2..f755e168d43 100644
--- a/regress/sbin/ipsecctl/ike6.ok
+++ b/regress/sbin/ipsecctl/ike6.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
-C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
+C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.1.0/24]:Network=10.1.1.0 force
+C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.2.0/24]:Network=10.1.2.0 force
+C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
C set [Phase 1]:131.188.33.29=peer-131.188.33.29 force
C set [peer-131.188.33.29]:Phase=1 force
C set [peer-131.188.33.29]:Address=131.188.33.29 force
-C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
-C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
-C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
-C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
-C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.51]:Address=131.188.33.51 force
-C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.29]:Address=131.188.33.29 force
-C add [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
+C set [peer-131.188.33.29]:Configuration=phase1-peer-131.188.33.29 force
+C set [phase1-peer-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.29]:Transforms=AES-SHA-RSA_SIG force
+C set [from-131.188.33.51-to-131.188.33.29]:Phase=2 force
+C set [from-131.188.33.51-to-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Configuration=phase2-from-131.188.33.51-to-131.188.33.29 force
+C set [from-131.188.33.51-to-131.188.33.29]:Local-ID=from-131.188.33.51 force
+C set [from-131.188.33.51-to-131.188.33.29]:Remote-ID=to-131.188.33.29 force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.51-to-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.51]:Address=131.188.33.51 force
+C set [to-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.29]:Address=131.188.33.29 force
+C add [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike7.ok b/regress/sbin/ipsecctl/ike7.ok
index a39f1b37ba5..401a040aefc 100644
--- a/regress/sbin/ipsecctl/ike7.ok
+++ b/regress/sbin/ipsecctl/ike7.ok
@@ -1,38 +1,38 @@
C set [Phase 1]:131.188.33.51=peer-131.188.33.51 force
C set [peer-131.188.33.51]:Phase=1 force
C set [peer-131.188.33.51]:Address=131.188.33.51 force
-C set [peer-131.188.33.51]:Configuration=mm-131.188.33.51 force
-C set [mm-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force
-C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-10.1.2.0/24]:Network=10.1.2.0 force
-C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-10.1.1.0/24]:Network=10.1.1.0 force
-C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
+C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force
+C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Phase=2 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Configuration=phase2-from-10.1.2.0/24-to-10.1.1.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Local-ID=from-10.1.2.0/24 force
+C set [from-10.1.2.0/24-to-10.1.1.0/24]:Remote-ID=to-10.1.1.0/24 force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-10.1.2.0/24-to-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-10.1.2.0/24]:Network=10.1.2.0 force
+C set [from-10.1.2.0/24]:Netmask=255.255.255.0 force
+C set [to-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-10.1.1.0/24]:Network=10.1.1.0 force
+C set [to-10.1.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
C set [Phase 1]:131.188.33.51=peer-131.188.33.51 force
C set [peer-131.188.33.51]:Phase=1 force
C set [peer-131.188.33.51]:Address=131.188.33.51 force
-C set [peer-131.188.33.51]:Configuration=mm-131.188.33.51 force
-C set [mm-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-131.188.33.29-131.188.33.51]:Phase=2 force
-C set [IPsec-131.188.33.29-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force
-C set [IPsec-131.188.33.29-131.188.33.51]:Configuration=qm-131.188.33.29-131.188.33.51 force
-C set [IPsec-131.188.33.29-131.188.33.51]:Local-ID=lid-131.188.33.29 force
-C set [IPsec-131.188.33.29-131.188.33.51]:Remote-ID=rid-131.188.33.51 force
-C set [qm-131.188.33.29-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-131.188.33.29-131.188.33.51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-131.188.33.29]:ID-type=IPV4_ADDR force
-C set [lid-131.188.33.29]:Address=131.188.33.29 force
-C set [rid-131.188.33.51]:ID-type=IPV4_ADDR force
-C set [rid-131.188.33.51]:Address=131.188.33.51 force
-C add [Phase 2]:Passive-Connections=IPsec-131.188.33.29-131.188.33.51
+C set [peer-131.188.33.51]:Configuration=phase1-peer-131.188.33.51 force
+C set [phase1-peer-131.188.33.51]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-131.188.33.51]:Transforms=AES-SHA-RSA_SIG force
+C set [from-131.188.33.29-to-131.188.33.51]:Phase=2 force
+C set [from-131.188.33.29-to-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force
+C set [from-131.188.33.29-to-131.188.33.51]:Configuration=phase2-from-131.188.33.29-to-131.188.33.51 force
+C set [from-131.188.33.29-to-131.188.33.51]:Local-ID=from-131.188.33.29 force
+C set [from-131.188.33.29-to-131.188.33.51]:Remote-ID=to-131.188.33.51 force
+C set [phase2-from-131.188.33.29-to-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-131.188.33.29-to-131.188.33.51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [from-131.188.33.29]:Address=131.188.33.29 force
+C set [to-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [to-131.188.33.51]:Address=131.188.33.51 force
+C add [Phase 2]:Passive-Connections=from-131.188.33.29-to-131.188.33.51
diff --git a/regress/sbin/ipsecctl/ike8.ok b/regress/sbin/ipsecctl/ike8.ok
index 45612b98e44..a79aff6fe83 100644
--- a/regress/sbin/ipsecctl/ike8.ok
+++ b/regress/sbin/ipsecctl/ike8.ok
@@ -1,19 +1,19 @@
C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force
C set [peer-192.168.3.1]:Phase=1 force
C set [peer-192.168.3.1]:Address=192.168.3.1 force
-C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force
-C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
-C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [lid-1.1.1.1]:Address=1.1.1.1 force
-C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
-C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
-C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
+C set [peer-192.168.3.1]:Configuration=phase1-peer-192.168.3.1 force
+C set [phase1-peer-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-192.168.3.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [from-1.1.1.1]:Address=1.1.1.1 force
+C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-0.0.0.0/0]:Network=0.0.0.0 force
+C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
diff --git a/regress/sbin/ipsecctl/ike9.ok b/regress/sbin/ipsecctl/ike9.ok
index 4d5c8f75294..948fae49f87 100644
--- a/regress/sbin/ipsecctl/ike9.ok
+++ b/regress/sbin/ipsecctl/ike9.ok
@@ -3,23 +3,23 @@ C set [General]:DPD-check-interval=5 force
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [peer-2.2.2.2]:ID=noname.my.domain-ID force
-C set [noname.my.domain-ID]:ID-type=FQDN force
-C set [noname.my.domain-ID]:Name=noname.my.domain force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Phase=2 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Configuration=qm-3.3.3.0/24-4.4.4.0/24 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-4.4.4.0/24]:Remote-ID=rid-4.4.4.0/24 force
-C set [qm-3.3.3.0/24-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [rid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [rid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-4.4.4.0/24
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [peer-2.2.2.2]:ID=id-noname.my.domain force
+C set [id-noname.my.domain]:ID-type=FQDN force
+C set [id-noname.my.domain]:Name=noname.my.domain force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Phase=2 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Configuration=phase2-from-3.3.3.0/24-to-4.4.4.0/24 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-4.4.4.0/24]:Remote-ID=to-4.4.4.0/24 force
+C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-4.4.4.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [to-4.4.4.0/24]:Network=4.4.4.0 force
+C set [to-4.4.4.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-4.4.4.0/24
diff --git a/regress/sbin/ipsecctl/ikedel1.ok b/regress/sbin/ipsecctl/ikedel1.ok
index b9ccb241330..3b5ba8a3944 100644
--- a/regress/sbin/ipsecctl/ikedel1.ok
+++ b/regress/sbin/ipsecctl/ikedel1.ok
@@ -1,4 +1,4 @@
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel10.ok b/regress/sbin/ipsecctl/ikedel10.ok
index 1cbf70f751e..0fe7b61a202 100644
--- a/regress/sbin/ipsecctl/ikedel10.ok
+++ b/regress/sbin/ipsecctl/ikedel10.ok
@@ -1,4 +1,4 @@
-t IPsec-192.168.100.1:0-97-192.168.200.1:0-97
-C rmv [Phase 2]:Connections=IPsec-192.168.100.1:0-97-192.168.200.1:0-97
-C rms [IPsec-192.168.100.1:0-97-192.168.200.1:0-97]
-C rms [qm-192.168.100.1:0-97-192.168.200.1:0-97]
+t from-192.168.100.1=97-to-192.168.200.1=97
+C rmv [Phase 2]:Connections=from-192.168.100.1=97-to-192.168.200.1=97
+C rms [from-192.168.100.1=97-to-192.168.200.1=97]
+C rms [phase2-from-192.168.100.1=97-to-192.168.200.1=97]
diff --git a/regress/sbin/ipsecctl/ikedel11.ok b/regress/sbin/ipsecctl/ikedel11.ok
index b4d7c021903..475f10b063e 100644
--- a/regress/sbin/ipsecctl/ikedel11.ok
+++ b/regress/sbin/ipsecctl/ikedel11.ok
@@ -1,8 +1,8 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel12.ok b/regress/sbin/ipsecctl/ikedel12.ok
index 40d4ec8ee8c..22a8c644def 100644
--- a/regress/sbin/ipsecctl/ikedel12.ok
+++ b/regress/sbin/ipsecctl/ikedel12.ok
@@ -1,13 +1,13 @@
TO = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
-t IPsec-1.1.1.1-2.2.2.0/24
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.0/24
-C rms [IPsec-1.1.1.1-2.2.2.0/24]
-C rms [qm-1.1.1.1-2.2.2.0/24]
-t IPsec-1.1.1.1-3.3.3.0/24
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-3.3.3.0/24
-C rms [IPsec-1.1.1.1-3.3.3.0/24]
-C rms [qm-1.1.1.1-3.3.3.0/24]
-t IPsec-1.1.1.1-4.4.4.0/24
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-4.4.4.0/24
-C rms [IPsec-1.1.1.1-4.4.4.0/24]
-C rms [qm-1.1.1.1-4.4.4.0/24]
+t from-1.1.1.1-to-2.2.2.0/24
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.0/24
+C rms [from-1.1.1.1-to-2.2.2.0/24]
+C rms [phase2-from-1.1.1.1-to-2.2.2.0/24]
+t from-1.1.1.1-to-3.3.3.0/24
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-3.3.3.0/24
+C rms [from-1.1.1.1-to-3.3.3.0/24]
+C rms [phase2-from-1.1.1.1-to-3.3.3.0/24]
+t from-1.1.1.1-to-4.4.4.0/24
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-4.4.4.0/24
+C rms [from-1.1.1.1-to-4.4.4.0/24]
+C rms [phase2-from-1.1.1.1-to-4.4.4.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel13.ok b/regress/sbin/ipsecctl/ikedel13.ok
index 96d61ee8548..e80665011d5 100644
--- a/regress/sbin/ipsecctl/ikedel13.ok
+++ b/regress/sbin/ipsecctl/ikedel13.ok
@@ -1,13 +1,13 @@
FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
-t IPsec-2.2.2.0/24-1.1.1.1
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1
-C rms [IPsec-2.2.2.0/24-1.1.1.1]
-C rms [qm-2.2.2.0/24-1.1.1.1]
-t IPsec-3.3.3.0/24-1.1.1.1
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1
-C rms [IPsec-3.3.3.0/24-1.1.1.1]
-C rms [qm-3.3.3.0/24-1.1.1.1]
-t IPsec-4.4.4.0/24-1.1.1.1
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1
-C rms [IPsec-4.4.4.0/24-1.1.1.1]
-C rms [qm-4.4.4.0/24-1.1.1.1]
+t from-2.2.2.0/24-to-1.1.1.1
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-1.1.1.1
+C rms [from-2.2.2.0/24-to-1.1.1.1]
+C rms [phase2-from-2.2.2.0/24-to-1.1.1.1]
+t from-3.3.3.0/24-to-1.1.1.1
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-1.1.1.1
+C rms [from-3.3.3.0/24-to-1.1.1.1]
+C rms [phase2-from-3.3.3.0/24-to-1.1.1.1]
+t from-4.4.4.0/24-to-1.1.1.1
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-1.1.1.1
+C rms [from-4.4.4.0/24-to-1.1.1.1]
+C rms [phase2-from-4.4.4.0/24-to-1.1.1.1]
diff --git a/regress/sbin/ipsecctl/ikedel14.ok b/regress/sbin/ipsecctl/ikedel14.ok
index b2c55902147..b3a89db610d 100644
--- a/regress/sbin/ipsecctl/ikedel14.ok
+++ b/regress/sbin/ipsecctl/ikedel14.ok
@@ -1,38 +1,38 @@
FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
-t IPsec-2.2.2.0/24-5.5.5.0/24
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-5.5.5.0/24
-C rms [IPsec-2.2.2.0/24-5.5.5.0/24]
-C rms [qm-2.2.2.0/24-5.5.5.0/24]
-t IPsec-2.2.2.0/24-6.6.6.0/24
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-6.6.6.0/24
-C rms [IPsec-2.2.2.0/24-6.6.6.0/24]
-C rms [qm-2.2.2.0/24-6.6.6.0/24]
-t IPsec-2.2.2.0/24-7.7.7.0/24
-C rmv [Phase 2]:Connections=IPsec-2.2.2.0/24-7.7.7.0/24
-C rms [IPsec-2.2.2.0/24-7.7.7.0/24]
-C rms [qm-2.2.2.0/24-7.7.7.0/24]
-t IPsec-3.3.3.0/24-5.5.5.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-5.5.5.0/24
-C rms [IPsec-3.3.3.0/24-5.5.5.0/24]
-C rms [qm-3.3.3.0/24-5.5.5.0/24]
-t IPsec-3.3.3.0/24-6.6.6.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-6.6.6.0/24
-C rms [IPsec-3.3.3.0/24-6.6.6.0/24]
-C rms [qm-3.3.3.0/24-6.6.6.0/24]
-t IPsec-3.3.3.0/24-7.7.7.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-7.7.7.0/24
-C rms [IPsec-3.3.3.0/24-7.7.7.0/24]
-C rms [qm-3.3.3.0/24-7.7.7.0/24]
-t IPsec-4.4.4.0/24-5.5.5.0/24
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-5.5.5.0/24
-C rms [IPsec-4.4.4.0/24-5.5.5.0/24]
-C rms [qm-4.4.4.0/24-5.5.5.0/24]
-t IPsec-4.4.4.0/24-6.6.6.0/24
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-6.6.6.0/24
-C rms [IPsec-4.4.4.0/24-6.6.6.0/24]
-C rms [qm-4.4.4.0/24-6.6.6.0/24]
-t IPsec-4.4.4.0/24-7.7.7.0/24
-C rmv [Phase 2]:Connections=IPsec-4.4.4.0/24-7.7.7.0/24
-C rms [IPsec-4.4.4.0/24-7.7.7.0/24]
-C rms [qm-4.4.4.0/24-7.7.7.0/24]
+t from-2.2.2.0/24-to-5.5.5.0/24
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
+C rms [from-2.2.2.0/24-to-5.5.5.0/24]
+C rms [phase2-from-2.2.2.0/24-to-5.5.5.0/24]
+t from-2.2.2.0/24-to-6.6.6.0/24
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
+C rms [from-2.2.2.0/24-to-6.6.6.0/24]
+C rms [phase2-from-2.2.2.0/24-to-6.6.6.0/24]
+t from-2.2.2.0/24-to-7.7.7.0/24
+C rmv [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
+C rms [from-2.2.2.0/24-to-7.7.7.0/24]
+C rms [phase2-from-2.2.2.0/24-to-7.7.7.0/24]
+t from-3.3.3.0/24-to-5.5.5.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
+C rms [from-3.3.3.0/24-to-5.5.5.0/24]
+C rms [phase2-from-3.3.3.0/24-to-5.5.5.0/24]
+t from-3.3.3.0/24-to-6.6.6.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
+C rms [from-3.3.3.0/24-to-6.6.6.0/24]
+C rms [phase2-from-3.3.3.0/24-to-6.6.6.0/24]
+t from-3.3.3.0/24-to-7.7.7.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
+C rms [from-3.3.3.0/24-to-7.7.7.0/24]
+C rms [phase2-from-3.3.3.0/24-to-7.7.7.0/24]
+t from-4.4.4.0/24-to-5.5.5.0/24
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
+C rms [from-4.4.4.0/24-to-5.5.5.0/24]
+C rms [phase2-from-4.4.4.0/24-to-5.5.5.0/24]
+t from-4.4.4.0/24-to-6.6.6.0/24
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
+C rms [from-4.4.4.0/24-to-6.6.6.0/24]
+C rms [phase2-from-4.4.4.0/24-to-6.6.6.0/24]
+t from-4.4.4.0/24-to-7.7.7.0/24
+C rmv [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
+C rms [from-4.4.4.0/24-to-7.7.7.0/24]
+C rms [phase2-from-4.4.4.0/24-to-7.7.7.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel15.ok b/regress/sbin/ipsecctl/ikedel15.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel15.ok
+++ b/regress/sbin/ipsecctl/ikedel15.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel16.ok b/regress/sbin/ipsecctl/ikedel16.ok
index 41535fe60e0..cdb180fb472 100644
--- a/regress/sbin/ipsecctl/ikedel16.ok
+++ b/regress/sbin/ipsecctl/ikedel16.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel17.ok b/regress/sbin/ipsecctl/ikedel17.ok
index 41535fe60e0..cdb180fb472 100644
--- a/regress/sbin/ipsecctl/ikedel17.ok
+++ b/regress/sbin/ipsecctl/ikedel17.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel18.ok b/regress/sbin/ipsecctl/ikedel18.ok
index 747cf7cd394..08de725df25 100644
--- a/regress/sbin/ipsecctl/ikedel18.ok
+++ b/regress/sbin/ipsecctl/ikedel18.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.2.0/24-10.1.1.0/24
-C rmv [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
-C rms [IPsec-10.1.2.0/24-10.1.1.0/24]
-C rms [qm-10.1.2.0/24-10.1.1.0/24]
-t IPsec-3ffe::29-3ffe::51
-C rmv [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
-C rms [IPsec-3ffe::29-3ffe::51]
-C rms [qm-3ffe::29-3ffe::51]
+t from-10.1.2.0/24-to-10.1.1.0/24
+C rmv [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
+C rms [from-10.1.2.0/24-to-10.1.1.0/24]
+C rms [phase2-from-10.1.2.0/24-to-10.1.1.0/24]
+t from-3ffe::29-to-3ffe::51
+C rmv [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
+C rms [from-3ffe::29-to-3ffe::51]
+C rms [phase2-from-3ffe::29-to-3ffe::51]
diff --git a/regress/sbin/ipsecctl/ikedel19.ok b/regress/sbin/ipsecctl/ikedel19.ok
index 348019d0c58..877f8f40f82 100644
--- a/regress/sbin/ipsecctl/ikedel19.ok
+++ b/regress/sbin/ipsecctl/ikedel19.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel2.ok b/regress/sbin/ipsecctl/ikedel2.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel2.ok
+++ b/regress/sbin/ipsecctl/ikedel2.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel20.ok b/regress/sbin/ipsecctl/ikedel20.ok
index b4d7c021903..475f10b063e 100644
--- a/regress/sbin/ipsecctl/ikedel20.ok
+++ b/regress/sbin/ipsecctl/ikedel20.ok
@@ -1,8 +1,8 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel21.ok b/regress/sbin/ipsecctl/ikedel21.ok
index a351c8697ca..ece0234b9aa 100644
--- a/regress/sbin/ipsecctl/ikedel21.ok
+++ b/regress/sbin/ipsecctl/ikedel21.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1-3ffe::2
-C rmv [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2
-C rms [IPsec-3ffe::1-3ffe::2]
-C rms [qm-3ffe::1-3ffe::2]
+t from-3ffe::1-to-3ffe::2
+C rmv [Phase 2]:Connections=from-3ffe::1-to-3ffe::2
+C rms [from-3ffe::1-to-3ffe::2]
+C rms [phase2-from-3ffe::1-to-3ffe::2]
diff --git a/regress/sbin/ipsecctl/ikedel22.ok b/regress/sbin/ipsecctl/ikedel22.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel22.ok
+++ b/regress/sbin/ipsecctl/ikedel22.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel23.ok b/regress/sbin/ipsecctl/ikedel23.ok
index 011bcc514c0..e6e030043ff 100644
--- a/regress/sbin/ipsecctl/ikedel23.ok
+++ b/regress/sbin/ipsecctl/ikedel23.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel29.ok b/regress/sbin/ipsecctl/ikedel29.ok
index 4e32fc51a2e..b599d9ed5a0 100644
--- a/regress/sbin/ipsecctl/ikedel29.ok
+++ b/regress/sbin/ipsecctl/ikedel29.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:3::/64-3ffe:4::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:3::/64-3ffe:4::/64
-C rms [IPsec-3ffe:3::/64-3ffe:4::/64]
-C rms [qm-3ffe:3::/64-3ffe:4::/64]
+t from-3ffe:3::/64-to-3ffe:4::/64
+C rmv [Phase 2]:Connections=from-3ffe:3::/64-to-3ffe:4::/64
+C rms [from-3ffe:3::/64-to-3ffe:4::/64]
+C rms [phase2-from-3ffe:3::/64-to-3ffe:4::/64]
diff --git a/regress/sbin/ipsecctl/ikedel3.ok b/regress/sbin/ipsecctl/ikedel3.ok
index b9ccb241330..3b5ba8a3944 100644
--- a/regress/sbin/ipsecctl/ikedel3.ok
+++ b/regress/sbin/ipsecctl/ikedel3.ok
@@ -1,4 +1,4 @@
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel30.ok b/regress/sbin/ipsecctl/ikedel30.ok
index 99e1524e1d7..f06f4e31b81 100644
--- a/regress/sbin/ipsecctl/ikedel30.ok
+++ b/regress/sbin/ipsecctl/ikedel30.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1:0-97-3ffe::2:0-97
-C rmv [Phase 2]:Connections=IPsec-3ffe::1:0-97-3ffe::2:0-97
-C rms [IPsec-3ffe::1:0-97-3ffe::2:0-97]
-C rms [qm-3ffe::1:0-97-3ffe::2:0-97]
+t from-3ffe::1=97-to-3ffe::2=97
+C rmv [Phase 2]:Connections=from-3ffe::1=97-to-3ffe::2=97
+C rms [from-3ffe::1=97-to-3ffe::2=97]
+C rms [phase2-from-3ffe::1=97-to-3ffe::2=97]
diff --git a/regress/sbin/ipsecctl/ikedel31.ok b/regress/sbin/ipsecctl/ikedel31.ok
index 9d25b1bd4f3..718af424d24 100644
--- a/regress/sbin/ipsecctl/ikedel31.ok
+++ b/regress/sbin/ipsecctl/ikedel31.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:2::1-::/0
-C rmv [Phase 2]:Connections=IPsec-3ffe:2::1-::/0
-C rms [IPsec-3ffe:2::1-::/0]
-C rms [qm-3ffe:2::1-::/0]
+t from-3ffe:2::1-to-::/0
+C rmv [Phase 2]:Connections=from-3ffe:2::1-to-::/0
+C rms [from-3ffe:2::1-to-::/0]
+C rms [phase2-from-3ffe:2::1-to-::/0]
diff --git a/regress/sbin/ipsecctl/ikedel32.ok b/regress/sbin/ipsecctl/ikedel32.ok
index b5c99a866df..2d8a848f385 100644
--- a/regress/sbin/ipsecctl/ikedel32.ok
+++ b/regress/sbin/ipsecctl/ikedel32.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel33.ok b/regress/sbin/ipsecctl/ikedel33.ok
index b5c99a866df..2d8a848f385 100644
--- a/regress/sbin/ipsecctl/ikedel33.ok
+++ b/regress/sbin/ipsecctl/ikedel33.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel34.ok b/regress/sbin/ipsecctl/ikedel34.ok
index 5d1826004d8..8b9222ca330 100644
--- a/regress/sbin/ipsecctl/ikedel34.ok
+++ b/regress/sbin/ipsecctl/ikedel34.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1/24-3ffe:2::/24
-C rmv [Phase 2]:Connections=IPsec-3ffe::1/24-3ffe:2::/24
-C rms [IPsec-3ffe::1/24-3ffe:2::/24]
-C rms [qm-3ffe::1/24-3ffe:2::/24]
+t from-3ffe::1/24-to-3ffe:2::/24
+C rmv [Phase 2]:Connections=from-3ffe::1/24-to-3ffe:2::/24
+C rms [from-3ffe::1/24-to-3ffe:2::/24]
+C rms [phase2-from-3ffe::1/24-to-3ffe:2::/24]
diff --git a/regress/sbin/ipsecctl/ikedel35.ok b/regress/sbin/ipsecctl/ikedel35.ok
index 2591e9bae8a..d5a2dba97eb 100644
--- a/regress/sbin/ipsecctl/ikedel35.ok
+++ b/regress/sbin/ipsecctl/ikedel35.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:2::/24-3ffe::1/24
-C rmv [Phase 2]:Connections=IPsec-3ffe:2::/24-3ffe::1/24
-C rms [IPsec-3ffe:2::/24-3ffe::1/24]
-C rms [qm-3ffe:2::/24-3ffe::1/24]
+t from-3ffe:2::/24-to-3ffe::1/24
+C rmv [Phase 2]:Connections=from-3ffe:2::/24-to-3ffe::1/24
+C rms [from-3ffe:2::/24-to-3ffe::1/24]
+C rms [phase2-from-3ffe:2::/24-to-3ffe::1/24]
diff --git a/regress/sbin/ipsecctl/ikedel36.ok b/regress/sbin/ipsecctl/ikedel36.ok
index 537ca7158f3..374004944a6 100644
--- a/regress/sbin/ipsecctl/ikedel36.ok
+++ b/regress/sbin/ipsecctl/ikedel36.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::3-3ffe::4
-C rmv [Phase 2]:Connections=IPsec-3ffe::3-3ffe::4
-C rms [IPsec-3ffe::3-3ffe::4]
-C rms [qm-3ffe::3-3ffe::4]
+t from-3ffe::3-to-3ffe::4
+C rmv [Phase 2]:Connections=from-3ffe::3-to-3ffe::4
+C rms [from-3ffe::3-to-3ffe::4]
+C rms [phase2-from-3ffe::3-to-3ffe::4]
diff --git a/regress/sbin/ipsecctl/ikedel37.ok b/regress/sbin/ipsecctl/ikedel37.ok
index f39c2e7fb2f..f26b164ad27 100644
--- a/regress/sbin/ipsecctl/ikedel37.ok
+++ b/regress/sbin/ipsecctl/ikedel37.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
diff --git a/regress/sbin/ipsecctl/ikedel38.ok b/regress/sbin/ipsecctl/ikedel38.ok
index 2b8a6128b7a..d662ee836c3 100644
--- a/regress/sbin/ipsecctl/ikedel38.ok
+++ b/regress/sbin/ipsecctl/ikedel38.ok
@@ -1,8 +1,8 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel39.ok b/regress/sbin/ipsecctl/ikedel39.ok
index 2b8a6128b7a..d662ee836c3 100644
--- a/regress/sbin/ipsecctl/ikedel39.ok
+++ b/regress/sbin/ipsecctl/ikedel39.ok
@@ -1,8 +1,8 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
-t IPsec-3ffe::51-3ffe::29
-C rmv [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29
-C rms [IPsec-3ffe::51-3ffe::29]
-C rms [qm-3ffe::51-3ffe::29]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
+t from-3ffe::51-to-3ffe::29
+C rmv [Phase 2]:Connections=from-3ffe::51-to-3ffe::29
+C rms [from-3ffe::51-to-3ffe::29]
+C rms [phase2-from-3ffe::51-to-3ffe::29]
diff --git a/regress/sbin/ipsecctl/ikedel4.ok b/regress/sbin/ipsecctl/ikedel4.ok
index 7533714a422..84b7935d361 100644
--- a/regress/sbin/ipsecctl/ikedel4.ok
+++ b/regress/sbin/ipsecctl/ikedel4.ok
@@ -1,4 +1,4 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
diff --git a/regress/sbin/ipsecctl/ikedel40.ok b/regress/sbin/ipsecctl/ikedel40.ok
index 12263436b5a..ea82fffd11d 100644
--- a/regress/sbin/ipsecctl/ikedel40.ok
+++ b/regress/sbin/ipsecctl/ikedel40.ok
@@ -1,8 +1,8 @@
-t IPsec-3ffe:1::/64-3ffe:2::/64
-C rmv [Phase 2]:Passive-Connections=IPsec-3ffe:1::/64-3ffe:2::/64
-C rms [IPsec-3ffe:1::/64-3ffe:2::/64]
-C rms [qm-3ffe:1::/64-3ffe:2::/64]
-t IPsec-3ffe::29-3ffe::51
-C rmv [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51
-C rms [IPsec-3ffe::29-3ffe::51]
-C rms [qm-3ffe::29-3ffe::51]
+t from-3ffe:1::/64-to-3ffe:2::/64
+C rmv [Phase 2]:Passive-Connections=from-3ffe:1::/64-to-3ffe:2::/64
+C rms [from-3ffe:1::/64-to-3ffe:2::/64]
+C rms [phase2-from-3ffe:1::/64-to-3ffe:2::/64]
+t from-3ffe::29-to-3ffe::51
+C rmv [Phase 2]:Passive-Connections=from-3ffe::29-to-3ffe::51
+C rms [from-3ffe::29-to-3ffe::51]
+C rms [phase2-from-3ffe::29-to-3ffe::51]
diff --git a/regress/sbin/ipsecctl/ikedel41.ok b/regress/sbin/ipsecctl/ikedel41.ok
index b5c99a866df..2d8a848f385 100644
--- a/regress/sbin/ipsecctl/ikedel41.ok
+++ b/regress/sbin/ipsecctl/ikedel41.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel42.ok b/regress/sbin/ipsecctl/ikedel42.ok
index ee383de31ba..63c5bac70ff 100644
--- a/regress/sbin/ipsecctl/ikedel42.ok
+++ b/regress/sbin/ipsecctl/ikedel42.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1:123-17-2.2.2.2:0-17
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1:123-17-2.2.2.2:0-17
-C rms [IPsec-1.1.1.1:123-17-2.2.2.2:0-17]
-C rms [qm-1.1.1.1:123-17-2.2.2.2:0-17]
+t from-1.1.1.1=17:123-to-2.2.2.2=17
+C rmv [Phase 2]:Connections=from-1.1.1.1=17:123-to-2.2.2.2=17
+C rms [from-1.1.1.1=17:123-to-2.2.2.2=17]
+C rms [phase2-from-1.1.1.1=17:123-to-2.2.2.2=17]
diff --git a/regress/sbin/ipsecctl/ikedel43.ok b/regress/sbin/ipsecctl/ikedel43.ok
index 933e3eddabc..6c222643500 100644
--- a/regress/sbin/ipsecctl/ikedel43.ok
+++ b/regress/sbin/ipsecctl/ikedel43.ok
@@ -1,4 +1,4 @@
-t IPsec-3ffe::1:2022-6-3ffe::2:22-6
-C rmv [Phase 2]:Connections=IPsec-3ffe::1:2022-6-3ffe::2:22-6
-C rms [IPsec-3ffe::1:2022-6-3ffe::2:22-6]
-C rms [qm-3ffe::1:2022-6-3ffe::2:22-6]
+t from-3ffe::1=6:2022-to-3ffe::2=6:22
+C rmv [Phase 2]:Connections=from-3ffe::1=6:2022-to-3ffe::2=6:22
+C rms [from-3ffe::1=6:2022-to-3ffe::2=6:22]
+C rms [phase2-from-3ffe::1=6:2022-to-3ffe::2=6:22]
diff --git a/regress/sbin/ipsecctl/ikedel46.ok b/regress/sbin/ipsecctl/ikedel46.ok
index 471de415e73..72e3255f9d4 100644
--- a/regress/sbin/ipsecctl/ikedel46.ok
+++ b/regress/sbin/ipsecctl/ikedel46.ok
@@ -1,8 +1,8 @@
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
-t IPsec-1.1.1.1-2.2.2.2
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2
-C rms [IPsec-1.1.1.1-2.2.2.2]
-C rms [qm-1.1.1.1-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
+t from-1.1.1.1-to-2.2.2.2
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-2.2.2.2
+C rms [from-1.1.1.1-to-2.2.2.2]
+C rms [phase2-from-1.1.1.1-to-2.2.2.2]
diff --git a/regress/sbin/ipsecctl/ikedel47.ok b/regress/sbin/ipsecctl/ikedel47.ok
index d5cfca95892..21bb8960f42 100644
--- a/regress/sbin/ipsecctl/ikedel47.ok
+++ b/regress/sbin/ipsecctl/ikedel47.ok
@@ -1,8 +1,8 @@
-t IPsec-0.0.0.0/0-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
-C rms [IPsec-0.0.0.0/0-0.0.0.0/0]
-C rms [qm-0.0.0.0/0-0.0.0.0/0]
-t IPsec-::/0-::/0
-C rmv [Phase 2]:Connections=IPsec-::/0-::/0
-C rms [IPsec-::/0-::/0]
-C rms [qm-::/0-::/0]
+t from-0.0.0.0/0-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
+C rms [from-0.0.0.0/0-to-0.0.0.0/0]
+C rms [phase2-from-0.0.0.0/0-to-0.0.0.0/0]
+t from-::/0-to-::/0
+C rmv [Phase 2]:Connections=from-::/0-to-::/0
+C rms [from-::/0-to-::/0]
+C rms [phase2-from-::/0-to-::/0]
diff --git a/regress/sbin/ipsecctl/ikedel5.ok b/regress/sbin/ipsecctl/ikedel5.ok
index c4ad919794f..ffe427b993d 100644
--- a/regress/sbin/ipsecctl/ikedel5.ok
+++ b/regress/sbin/ipsecctl/ikedel5.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel6.ok b/regress/sbin/ipsecctl/ikedel6.ok
index c4ad919794f..ffe427b993d 100644
--- a/regress/sbin/ipsecctl/ikedel6.ok
+++ b/regress/sbin/ipsecctl/ikedel6.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.1.0/24-10.1.2.0/24
-C rmv [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24
-C rms [IPsec-10.1.1.0/24-10.1.2.0/24]
-C rms [qm-10.1.1.0/24-10.1.2.0/24]
-t IPsec-131.188.33.51-131.188.33.29
-C rmv [Phase 2]:Connections=IPsec-131.188.33.51-131.188.33.29
-C rms [IPsec-131.188.33.51-131.188.33.29]
-C rms [qm-131.188.33.51-131.188.33.29]
+t from-10.1.1.0/24-to-10.1.2.0/24
+C rmv [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
+C rms [from-10.1.1.0/24-to-10.1.2.0/24]
+C rms [phase2-from-10.1.1.0/24-to-10.1.2.0/24]
+t from-131.188.33.51-to-131.188.33.29
+C rmv [Phase 2]:Connections=from-131.188.33.51-to-131.188.33.29
+C rms [from-131.188.33.51-to-131.188.33.29]
+C rms [phase2-from-131.188.33.51-to-131.188.33.29]
diff --git a/regress/sbin/ipsecctl/ikedel7.ok b/regress/sbin/ipsecctl/ikedel7.ok
index ace9069ff70..8102d736f09 100644
--- a/regress/sbin/ipsecctl/ikedel7.ok
+++ b/regress/sbin/ipsecctl/ikedel7.ok
@@ -1,8 +1,8 @@
-t IPsec-10.1.2.0/24-10.1.1.0/24
-C rmv [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
-C rms [IPsec-10.1.2.0/24-10.1.1.0/24]
-C rms [qm-10.1.2.0/24-10.1.1.0/24]
-t IPsec-131.188.33.29-131.188.33.51
-C rmv [Phase 2]:Passive-Connections=IPsec-131.188.33.29-131.188.33.51
-C rms [IPsec-131.188.33.29-131.188.33.51]
-C rms [qm-131.188.33.29-131.188.33.51]
+t from-10.1.2.0/24-to-10.1.1.0/24
+C rmv [Phase 2]:Passive-Connections=from-10.1.2.0/24-to-10.1.1.0/24
+C rms [from-10.1.2.0/24-to-10.1.1.0/24]
+C rms [phase2-from-10.1.2.0/24-to-10.1.1.0/24]
+t from-131.188.33.29-to-131.188.33.51
+C rmv [Phase 2]:Passive-Connections=from-131.188.33.29-to-131.188.33.51
+C rms [from-131.188.33.29-to-131.188.33.51]
+C rms [phase2-from-131.188.33.29-to-131.188.33.51]
diff --git a/regress/sbin/ipsecctl/ikedel8.ok b/regress/sbin/ipsecctl/ikedel8.ok
index 348019d0c58..877f8f40f82 100644
--- a/regress/sbin/ipsecctl/ikedel8.ok
+++ b/regress/sbin/ipsecctl/ikedel8.ok
@@ -1,4 +1,4 @@
-t IPsec-1.1.1.1-0.0.0.0/0
-C rmv [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0
-C rms [IPsec-1.1.1.1-0.0.0.0/0]
-C rms [qm-1.1.1.1-0.0.0.0/0]
+t from-1.1.1.1-to-0.0.0.0/0
+C rmv [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
+C rms [from-1.1.1.1-to-0.0.0.0/0]
+C rms [phase2-from-1.1.1.1-to-0.0.0.0/0]
diff --git a/regress/sbin/ipsecctl/ikedel9.ok b/regress/sbin/ipsecctl/ikedel9.ok
index 4a2aee506f7..c1cd47a2b44 100644
--- a/regress/sbin/ipsecctl/ikedel9.ok
+++ b/regress/sbin/ipsecctl/ikedel9.ok
@@ -1,4 +1,4 @@
-t IPsec-3.3.3.0/24-4.4.4.0/24
-C rmv [Phase 2]:Connections=IPsec-3.3.3.0/24-4.4.4.0/24
-C rms [IPsec-3.3.3.0/24-4.4.4.0/24]
-C rms [qm-3.3.3.0/24-4.4.4.0/24]
+t from-3.3.3.0/24-to-4.4.4.0/24
+C rmv [Phase 2]:Connections=from-3.3.3.0/24-to-4.4.4.0/24
+C rms [from-3.3.3.0/24-to-4.4.4.0/24]
+C rms [phase2-from-3.3.3.0/24-to-4.4.4.0/24]
diff --git a/regress/sbin/ipsecctl/ikefail6.ok b/regress/sbin/ipsecctl/ikefail6.ok
index 373f800c289..d71e7b12eea 100644
--- a/regress/sbin/ipsecctl/ikefail6.ok
+++ b/regress/sbin/ipsecctl/ikefail6.ok
@@ -2,13 +2,13 @@ ipsecctl: illegal transform aes
C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force
C set [peer-2.2.2.2]:Phase=1 force
C set [peer-2.2.2.2]:Address=2.2.2.2 force
-C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force
-C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force
-C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force
-C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-AH- \ No newline at end of file
+C set [peer-2.2.2.2]:Configuration=phase1-peer-2.2.2.2 force
+C set [phase1-peer-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-2.2.2.2]:Transforms=AES-SHA-RSA_SIG force
+C set [from-1.1.1.1-to-2.2.2.2]:Phase=2 force
+C set [from-1.1.1.1-to-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Configuration=phase2-from-1.1.1.1-to-2.2.2.2 force
+C set [from-1.1.1.1-to-2.2.2.2]:Local-ID=from-1.1.1.1 force
+C set [from-1.1.1.1-to-2.2.2.2]:Remote-ID=to-2.2.2.2 force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-1.1.1.1-to-2.2.2.2]:Suites=QM-AH- \ No newline at end of file
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 12464bf84e9..0569c409a79 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.63 2008/02/22 23:51:31 hshoexer Exp $ */
+/* $OpenBSD: ike.c,v 1.64 2008/07/01 15:00:53 bluhm Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -79,30 +79,21 @@ ike_section_general(struct ipsec_rule *r, FILE *fd)
static void
ike_section_peer(struct ipsec_rule *r, FILE *fd)
{
- if (r->peer) {
- fprintf(fd, SET "[Phase 1]:%s=peer-%s force\n", r->peer->name,
- r->peer->name);
- fprintf(fd, SET "[peer-%s]:Phase=1 force\n", r->peer->name);
- fprintf(fd, SET "[peer-%s]:Address=%s force\n", r->peer->name,
+ if (r->peer)
+ fprintf(fd, SET "[Phase 1]:%s=%s force\n", r->peer->name,
+ r->p1name);
+ else
+ fprintf(fd, SET "[Phase 1]:Default=%s force\n", r->p1name);
+ fprintf(fd, SET "[%s]:Phase=1 force\n", r->p1name);
+ if (r->peer)
+ fprintf(fd, SET "[%s]:Address=%s force\n", r->p1name,
r->peer->name);
- if (r->local)
- fprintf(fd, SET "[peer-%s]:Local-address=%s force\n",
- r->peer->name, r->local->name);
- if (r->ikeauth->type == IKE_AUTH_PSK)
- fprintf(fd, SET "[peer-%s]:Authentication=%s force\n",
- r->peer->name, r->ikeauth->string);
- } else {
- fprintf(fd, SET "[Phase 1]:Default=peer-default force\n");
- fprintf(fd, SET "[peer-default]:Phase=1 force\n");
- if (r->local)
- fprintf(fd, SET
- "[peer-default]:Local-address=%s force\n",
- r->local->name);
- if (r->ikeauth->type == IKE_AUTH_PSK)
- fprintf(fd, SET
- "[peer-default]:Authentication=%s force\n",
- r->ikeauth->string);
- }
+ if (r->local)
+ fprintf(fd, SET "[%s]:Local-address=%s force\n", r->p1name,
+ r->local->name);
+ if (r->ikeauth->type == IKE_AUTH_PSK)
+ fprintf(fd, SET "[%s]:Authentication=%s force\n", r->p1name,
+ r->ikeauth->string);
}
static void
@@ -120,69 +111,44 @@ ike_section_ids(struct ipsec_rule *r, FILE *fd)
err(1, "ike_section_ids: strdup");
}
if (r->auth->srcid) {
- if (r->peer)
- fprintf(fd, SET "[peer-%s]:ID=%s-ID force\n",
- r->peer->name, r->auth->srcid);
- else
- fprintf(fd, SET "[peer-default]:ID=%s-ID force\n",
- r->auth->srcid);
-
- fprintf(fd, SET "[%s-ID]:ID-type=%s force\n", r->auth->srcid,
+ fprintf(fd, SET "[%s]:ID=id-%s force\n", r->p1name,
+ r->auth->srcid);
+ fprintf(fd, SET "[id-%s]:ID-type=%s force\n", r->auth->srcid,
ike_id_types[r->auth->srcid_type]);
- fprintf(fd, SET "[%s-ID]:Name=%s force\n", r->auth->srcid,
+ fprintf(fd, SET "[id-%s]:Name=%s force\n", r->auth->srcid,
r->auth->srcid);
}
if (r->auth->dstid) {
- if (r->peer) {
- fprintf(fd, SET "[peer-%s]:Remote-ID=%s-ID force\n",
- r->peer->name, r->peer->name);
- fprintf(fd, SET "[%s-ID]:ID-type=%s force\n",
- r->peer->name, ike_id_types[r->auth->dstid_type]);
- fprintf(fd, SET "[%s-ID]:Name=%s force\n", r->peer->name,
- r->auth->dstid);
- } else {
- fprintf(fd, SET
- "[peer-default]:Remote-ID=default-ID force\n");
- fprintf(fd, SET "[default-ID]:ID-type=%s force\n",
- ike_id_types[r->auth->dstid_type]);
- fprintf(fd, SET "[default-ID]:Name=%s force\n",
- r->auth->dstid);
- }
+ fprintf(fd, SET "[%s]:Remote-ID=id-%s force\n", r->p1name,
+ r->auth->dstid);
+ fprintf(fd, SET "[id-%s]:ID-type=%s force\n", r->auth->dstid,
+ ike_id_types[r->auth->dstid_type]);
+ fprintf(fd, SET "[id-%s]:Name=%s force\n", r->auth->dstid,
+ r->auth->dstid);
}
}
static void
ike_section_ipsec(struct ipsec_rule *r, FILE *fd)
{
- fprintf(fd, SET "[IPsec-%s]:Phase=2 force\n", r->p2name);
-
- if (r->peer)
- fprintf(fd, SET "[IPsec-%s]:ISAKMP-peer=peer-%s force\n",
- r->p2name, r->peer->name);
- else
- fprintf(fd, SET
- "[IPsec-%s]:ISAKMP-peer=peer-default force\n", r->p2name);
-
- fprintf(fd, SET "[IPsec-%s]:Configuration=qm-%s force\n", r->p2name,
+ fprintf(fd, SET "[%s]:Phase=2 force\n", r->p2name);
+ fprintf(fd, SET "[%s]:ISAKMP-peer=%s force\n", r->p2name, r->p1name);
+ fprintf(fd, SET "[%s]:Configuration=phase2-%s force\n", r->p2name,
r->p2name);
- fprintf(fd, SET "[IPsec-%s]:Local-ID=lid-%s force\n", r->p2name,
- r->p2lid);
- fprintf(fd, SET "[IPsec-%s]:Remote-ID=rid-%s force\n", r->p2name,
- r->p2rid);
+ fprintf(fd, SET "[%s]:Local-ID=%s force\n", r->p2name, r->p2lid);
+ fprintf(fd, SET "[%s]:Remote-ID=%s force\n", r->p2name, r->p2rid);
if (r->tag)
- fprintf(fd, SET "[IPsec-%s]:PF-Tag=%s force\n", r->p2name,
- r->tag);
+ fprintf(fd, SET "[%s]:PF-Tag=%s force\n", r->p2name, r->tag);
}
static int
ike_section_p2(struct ipsec_rule *r, FILE *fd)
{
- char *tag, *exchange_type, *sprefix;
+ char *exchange_type, *sprefix;
switch (r->p2ie) {
case IKE_QM:
- tag = "qm";
exchange_type = "QUICK_MODE";
sprefix = "QM";
break;
@@ -191,9 +157,9 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd)
return (-1);
}
- fprintf(fd, SET "[%s-%s]:EXCHANGE_TYPE=%s force\n", tag, r->p2name,
+ fprintf(fd, SET "[phase2-%s]:EXCHANGE_TYPE=%s force\n", r->p2name,
exchange_type);
- fprintf(fd, SET "[%s-%s]:Suites=%s-", tag, r->p2name, sprefix);
+ fprintf(fd, SET "[phase2-%s]:Suites=%s-", r->p2name, sprefix);
switch (r->satype) {
case IPSEC_ESP:
@@ -334,15 +300,13 @@ ike_section_p2(struct ipsec_rule *r, FILE *fd)
static int
ike_section_p1(struct ipsec_rule *r, FILE *fd)
{
- char *tag, *exchange_type;
+ char *exchange_type;
switch (r->p1ie) {
case IKE_MM:
- tag = "mm";
exchange_type = "ID_PROT";
break;
case IKE_AM:
- tag = "am";
exchange_type = "AGGRESSIVE";
break;
default:
@@ -350,19 +314,11 @@ ike_section_p1(struct ipsec_rule *r, FILE *fd)
return (-1);
}
- if (r->peer) {
- fprintf(fd, SET "[peer-%s]:Configuration=%s-%s force\n",
- r->peer->name, tag, r->peer->name);
- fprintf(fd, SET "[%s-%s]:EXCHANGE_TYPE=%s force\n",
- tag, r->peer->name, exchange_type);
- fprintf(fd, ADD "[%s-%s]:Transforms=", tag, r->peer->name);
- } else {
- fprintf(fd, SET
- "[peer-default]:Configuration=%s-default force\n", tag);
- fprintf(fd, SET "[%s-default]:EXCHANGE_TYPE=%s force\n",
- tag, exchange_type);
- fprintf(fd, ADD "[%s-default]:Transforms=", tag);
- }
+ fprintf(fd, SET "[%s]:Configuration=phase1-%s force\n", r->p1name,
+ r->p1name);
+ fprintf(fd, SET "[phase1-%s]:EXCHANGE_TYPE=%s force\n", r->p1name,
+ exchange_type);
+ fprintf(fd, ADD "[phase1-%s]:Transforms=", r->p1name);
if (r->p1xfs && r->p1xfs->encxf) {
switch (r->p1xfs->encxf->id) {
@@ -497,19 +453,19 @@ ike_section_p2ids(struct ipsec_rule *r, FILE *fd)
if ((p = strrchr(network, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[lid-%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
r->p2lid, ((src->af == AF_INET) ? 4 : 6));
- fprintf(fd, SET "[lid-%s]:Network=%s force\n", r->p2lid,
+ fprintf(fd, SET "[%s]:Network=%s force\n", r->p2lid,
network);
- fprintf(fd, SET "[lid-%s]:Netmask=%s force\n", r->p2lid, mask);
+ fprintf(fd, SET "[%s]:Netmask=%s force\n", r->p2lid, mask);
free(network);
} else {
- fprintf(fd, SET "[lid-%s]:ID-type=IPV%d_ADDR force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR force\n",
r->p2lid, ((src->af == AF_INET) ? 4 : 6));
if ((p = strrchr(src->name, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[lid-%s]:Address=%s force\n", r->p2lid,
+ fprintf(fd, SET "[%s]:Address=%s force\n", r->p2lid,
src->name);
}
if (dst->netaddress) {
@@ -539,32 +495,32 @@ ike_section_p2ids(struct ipsec_rule *r, FILE *fd)
if ((p = strrchr(network, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[rid-%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR_SUBNET force\n",
r->p2rid, ((dst->af == AF_INET) ? 4 : 6));
- fprintf(fd, SET "[rid-%s]:Network=%s force\n", r->p2rid,
+ fprintf(fd, SET "[%s]:Network=%s force\n", r->p2rid,
network);
- fprintf(fd, SET "[rid-%s]:Netmask=%s force\n", r->p2rid, mask);
+ fprintf(fd, SET "[%s]:Netmask=%s force\n", r->p2rid, mask);
free(network);
} else {
- fprintf(fd, SET "[rid-%s]:ID-type=IPV%d_ADDR force\n",
+ fprintf(fd, SET "[%s]:ID-type=IPV%d_ADDR force\n",
r->p2rid, ((dst->af == AF_INET) ? 4 : 6));
if ((p = strrchr(dst->name, '/')) != NULL)
*p = '\0';
- fprintf(fd, SET "[rid-%s]:Address=%s force\n", r->p2rid,
+ fprintf(fd, SET "[%s]:Address=%s force\n", r->p2rid,
dst->name);
}
if (r->proto) {
- fprintf(fd, SET "[lid-%s]:Protocol=%d force\n",
+ fprintf(fd, SET "[%s]:Protocol=%d force\n",
r->p2lid, r->proto);
- fprintf(fd, SET "[rid-%s]:Protocol=%d force\n",
+ fprintf(fd, SET "[%s]:Protocol=%d force\n",
r->p2rid, r->proto);
}
if (r->sport)
- fprintf(fd, SET "[lid-%s]:Port=%d force\n", r->p2lid,
+ fprintf(fd, SET "[%s]:Port=%d force\n", r->p2lid,
ntohs(r->sport));
if (r->dport)
- fprintf(fd, SET "[rid-%s]:Port=%d force\n", r->p2rid,
+ fprintf(fd, SET "[%s]:Port=%d force\n", r->p2rid,
ntohs(r->dport));
}
@@ -574,10 +530,10 @@ ike_connect(struct ipsec_rule *r, FILE *fd)
switch (r->ikemode) {
case IKE_ACTIVE:
case IKE_DYNAMIC:
- fprintf(fd, ADD "[Phase 2]:Connections=IPsec-%s\n", r->p2name);
+ fprintf(fd, ADD "[Phase 2]:Connections=%s\n", r->p2name);
break;
case IKE_PASSIVE:
- fprintf(fd, ADD "[Phase 2]:Passive-Connections=IPsec-%s\n",
+ fprintf(fd, ADD "[Phase 2]:Passive-Connections=%s\n",
r->p2name);
break;
default:
@@ -615,20 +571,19 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd)
switch (r->ikemode) {
case IKE_ACTIVE:
case IKE_DYNAMIC:
- fprintf(fd, "t IPsec-%s\n", r->p2name);
+ fprintf(fd, "t %s\n", r->p2name);
break;
case IKE_PASSIVE:
fprintf(fd, DELETE "[Phase 2]\n");
- fprintf(fd, "t IPsec-%s\n", r->p2name);
+ fprintf(fd, "t %s\n", r->p2name);
break;
default:
return (-1);
}
if (r->peer) {
- fprintf(fd, DELETE "[peer-%s]\n", r->peer->name);
- fprintf(fd, DELETE "[mm-%s]\n", r->peer->name);
- fprintf(fd, DELETE "[am-%s]\n", r->peer->name);
+ fprintf(fd, DELETE "[%s]\n", r->p1name);
+ fprintf(fd, DELETE "[phase1-%s]\n", r->p1name);
}
if (r->auth) {
if (r->auth->srcid)
@@ -636,26 +591,26 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd)
if (r->auth->dstid)
fprintf(fd, DELETE "[%s-ID]\n", r->auth->dstid);
}
- fprintf(fd, DELETE "[IPsec-%s]\n", r->p2name);
- fprintf(fd, DELETE "[qm-%s]\n", r->p2name);
- fprintf(fd, DELETE "[lid-%s]\n", r->p2lid);
- fprintf(fd, DELETE "[rid-%s]\n", r->p2rid);
+ fprintf(fd, DELETE "[%s]\n", r->p2name);
+ fprintf(fd, DELETE "[phase2-%s]\n", r->p2name);
+ fprintf(fd, DELETE "[%s]\n", r->p2lid);
+ fprintf(fd, DELETE "[%s]\n", r->p2rid);
#else
- fprintf(fd, "t IPsec-%s\n", r->p2name);
+ fprintf(fd, "t %s\n", r->p2name);
switch (r->ikemode) {
case IKE_ACTIVE:
case IKE_DYNAMIC:
- fprintf(fd, RMV "[Phase 2]:Connections=IPsec-%s\n", r->p2name);
+ fprintf(fd, RMV "[Phase 2]:Connections=%s\n", r->p2name);
break;
case IKE_PASSIVE:
- fprintf(fd, RMV "[Phase 2]:Passive-Connections=IPsec-%s\n",
+ fprintf(fd, RMV "[Phase 2]:Passive-Connections=%s\n",
r->p2name);
break;
default:
return (-1);
}
- fprintf(fd, DELETE "[IPsec-%s]\n", r->p2name);
- fprintf(fd, DELETE "[qm-%s]\n", r->p2name);
+ fprintf(fd, DELETE "[%s]\n", r->p2name);
+ fprintf(fd, DELETE "[phase2-%s]\n", r->p2name);
#endif
return (0);
@@ -664,32 +619,42 @@ ike_delete_config(struct ipsec_rule *r, FILE *fd)
static void
ike_setup_ids(struct ipsec_rule *r)
{
- if (r->proto) {
- if (asprintf(&r->p2lid, "%s:%d-%d", r->src->name,
- ntohs(r->sport), r->proto) == -1)
- err(1, "ike_setup_ids");
- if (asprintf(&r->p2rid, "%s:%d-%d", r->dst->name,
- ntohs(r->dport), r->proto) == -1)
- err(1, "ike_setup_ids");
- } else {
- if (r->sport) {
- if (asprintf(&r->p2lid, "%s:%d", r->src->name,
- ntohs(r->sport)) == -1)
- err(1, "ike_setup_ids");
- } else {
- if ((r->p2lid = strdup(r->src->name)) == NULL)
- err(1, "ike_setup_ids");
- }
- if (r->dport) {
- if (asprintf(&r->p2rid, "%s:%d", r->dst->name,
- ntohs(r->dport)) == -1)
+ char sproto[10], ssport[10], sdport[10];
+
+ /* phase 1 name is peer and local address */
+ if (r->peer) {
+ if (r->local) {
+ /* peer-dstaddr-local-srcaddr */
+ if (asprintf(&r->p1name, "peer-%s-local-%s",
+ r->peer->name, r->local->name) == -1)
err(1, "ike_setup_ids");
- } else {
- if ((r->p2rid = strdup(r->dst->name)) == NULL)
+ } else
+ /* peer-dstaddr */
+ if (asprintf(&r->p1name, "peer-%s",
+ r->peer->name) == -1)
err(1, "ike_setup_ids");
- }
- }
- if (asprintf(&r->p2name, "%s-%s", r->p2lid, r->p2rid) == -1)
+ } else
+ if ((r->p1name = strdup("peer-default")) == NULL)
+ err(1, "ike_setup_ids");
+
+ /* Phase 2 name is from and to network, protocol, port*/
+ sproto[0] = ssport[0] = sdport[0] = 0;
+ if (r->proto)
+ snprintf(sproto, sizeof sproto, "=%u", r->proto);
+ if (r->sport)
+ snprintf(ssport, sizeof ssport, ":%u", ntohs(r->sport));
+ if (r->dport)
+ snprintf(sdport, sizeof sdport, ":%u", ntohs(r->dport));
+ /* from-network/masklen=proto:port */
+ if (asprintf(&r->p2lid, "from-%s%s%s", r->src->name, sproto, ssport)
+ == -1)
+ err(1, "ike_setup_ids");
+ /* to-network/masklen=proto:port */
+ if (asprintf(&r->p2rid, "to-%s%s%s", r->dst->name, sproto, sdport)
+ == -1)
+ err(1, "ike_setup_ids");
+ /* from-network/masklen=proto:port-to-network/masklen=proto:port */
+ if (asprintf(&r->p2name, "%s-%s", r->p2lid , r->p2rid) == -1)
err(1, "ike_setup_ids");
}
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 33b04468e45..4defd1ada4b 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.69 2007/10/13 16:35:18 deraadt Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.70 2008/07/01 15:00:53 bluhm Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -240,6 +240,8 @@ ipsecctl_free_rule(struct ipsec_rule *rp)
free(rp->enckey->data);
free(rp->enckey);
}
+ if (rp->p1name)
+ free(rp->p1name);
if (rp->p2name)
free(rp->p2name);
if (rp->p2lid)
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index 8c2e1142f63..52af45c08ff 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.56 2008/02/22 23:51:31 hshoexer Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.57 2008/07/01 15:00:53 bluhm Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -185,6 +185,7 @@ struct ipsec_rule {
struct ipsec_key *enckey;
char *tag; /* pf tag for SAs */
+ char *p1name; /* Phase 1 Name */
char *p2name; /* Phase 2 Name (IPsec-XX) */
char *p2lid; /* Phase 2 source ID */
char *p2rid; /* Phase 2 destination ID */
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 4ceb71b8620..00e22ca0085 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.183 2008/06/10 17:25:57 bluhm Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.184 2008/07/01 15:00:53 bluhm Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -2431,6 +2431,57 @@ pf_key_v2_expire(struct pf_key_v2_msg *pmsg)
}
}
+static int
+mask4len(const struct sockaddr_in *mask)
+{
+ int len;
+ u_int32_t m;
+
+ len = 0;
+ for (m = 0x80000000; m & ntohl(mask->sin_addr.s_addr); m >>= 1)
+ len++;
+ if (len == 32)
+ len = -1;
+ return len;
+}
+
+#ifndef s6_addr8
+#define s6_addr8 __u6_addr.__u6_addr8
+#endif
+
+static int
+mask6len(const struct sockaddr_in6 *mask)
+{
+ int i, len;
+ u_int8_t m;
+
+ len = 0;
+ for (i = 0, m = 0; i < 16 && !m; i++)
+ for (m = 0x80; m & mask->sin6_addr.s6_addr8[i]; m >>= 1)
+ len++;
+ if (len == 128)
+ len = -1;
+ return len;
+}
+
+static int
+phase2id(char *str, size_t size, const char *side, const char *sflow,
+ int masklen, u_int8_t proto, u_int16_t port)
+{
+ char smasklen[10], sproto[10], sport[10];
+
+ smasklen[0] = sproto[0] = sport[0] = 0;
+ if (masklen != -1)
+ snprintf(smasklen, sizeof smasklen, "/%d", masklen);
+ if (proto)
+ snprintf(sproto, sizeof sproto, "=%u", proto);
+ if (port)
+ snprintf(sport, sizeof sport, ":%u", ntohs(port));
+
+ return snprintf(str, size, "%s-%s%s%s%s", side, sflow, smasklen,
+ sproto, sport);
+}
+
/* Handle a PF_KEY SA ACQUIRE message PMSG. */
static void
pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
@@ -2451,8 +2502,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
struct sadb_protocol *sproto;
char ssflow[ADDRESS_MAX], sdflow[ADDRESS_MAX];
char sdmask[ADDRESS_MAX], ssmask[ADDRESS_MAX];
+ int dmasklen, smasklen;
char *sidtype = 0, *didtype = 0;
- char lname[100], dname[100], configname[30];
+ char lname[100], dname[100], configname[200];
int shostflag = 0, dhostflag = 0;
struct pf_key_v2_node *ext;
struct passwd *pwd = 0;
@@ -2569,6 +2621,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
bzero(sdflow, sizeof sdflow);
bzero(ssmask, sizeof ssmask);
bzero(sdmask, sizeof sdmask);
+ smasklen = dmasklen = -1;
sidtype = didtype = "IPV4_ADDR_SUBNET"; /* default */
@@ -2600,6 +2653,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
log_print("pf_key_v2_acquire: inet_ntop failed");
goto fail;
}
+ smasklen = mask4len((struct sockaddr_in *) smask);
+ dmasklen = mask4len((struct sockaddr_in *) dmask);
if (((struct sockaddr_in *) smask)->sin_addr.s_addr ==
INADDR_BROADCAST) {
shostflag = 1;
@@ -2639,6 +2694,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
log_print("pf_key_v2_acquire: inet_ntop failed");
goto fail;
}
+ smasklen = mask6len((struct sockaddr_in6 *) smask);
+ dmasklen = mask6len((struct sockaddr_in6 *) dmask);
sidtype = didtype = "IPV6_ADDR_SUBNET";
if (IN6_IS_ADDR_FULL(&((struct sockaddr_in6 *)smask)->sin6_addr)) {
shostflag = 1;
@@ -2773,7 +2830,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* then dup.
*/
*srcid = '\0';
- if (asprintf(&srcid, "ID:Address/%s",
+ if (asprintf(&srcid, "id-%s",
(char *) (srcident + 1)) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -2846,7 +2903,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
}
}
}
- if (asprintf(&srcid, "ID:%s/%s", prefstring,
+ if (asprintf(&srcid, "id-%s",
slen ? (char *) (srcident + 1) : pwd->pw_name) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -2860,8 +2917,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
1, 0) ||
conf_set(af, srcid, "Refcount", "1", 1, 0) ||
conf_set(af, srcid, "Name",
- srcid + sizeof "ID:/" - 1 +
- strlen(prefstring), 1, 0)) {
+ srcid + 3, 1, 0)) {
conf_end(af, 0);
goto fail;
}
@@ -2922,7 +2978,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* then dup.
*/
*dstid = '\0';
- if (asprintf(&dstid, "ID:Address/%s",
+ if (asprintf(&dstid, "id-%s",
(char *) (dstident + 1)) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -2994,7 +3050,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
}
}
}
- if (asprintf(&dstid, "ID:%s/%s", prefstring,
+ if (asprintf(&dstid, "id-%s",
slen ? (char *) (dstident + 1) : pwd->pw_name) == -1) {
log_error("pf_key_v2_acquire: asprintf() failed");
goto fail;
@@ -3008,8 +3064,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
1, 0) ||
conf_set(af, dstid, "Refcount", "1", 1, 0) ||
conf_set(af, dstid, "Name",
- dstid + sizeof "ID:/" - 1 +
- strlen(prefstring), 1, 0)) {
+ dstid + 3, 1, 0)) {
conf_end(af, 0);
goto fail;
}
@@ -3034,12 +3089,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
/* Get a new connection sequence number. */
for (;; connection_seq++) {
snprintf(conn, connlen, "Connection-%u", connection_seq);
- snprintf(configname, sizeof configname, "Config-Phase2-%u",
- connection_seq);
/* Does it exist ? */
- if (!conf_get_str(conn, "Phase") &&
- !conf_get_str(configname, "Suites"))
+ if (!conf_get_str(conn, "Phase"))
break;
}
@@ -3052,31 +3104,24 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* - Configuration
*
* Also set the following section:
- * [Peer-dstaddr(/srcaddr)(-srcid)(/dstid)]
+ * [peer-dstaddr(-local-srcaddr)]
* with these fields:
* - Phase
* - ID (if provided)
* - Remote-ID (if provided)
* - Local-address (if provided)
* - Address
- * - Configuration (if an entry ISAKMP-configuration-dstaddr(/srcaddr)
+ * - Configuration (if an entry phase1-dstaddr-srcadd)
* exists -- otherwise use the defaults)
*/
/*
* The various cases:
- * - Peer-dstaddr
- * - Peer-dstaddr/srcaddr
- * - Peer-dstaddr/srcaddr-srcid
- * - Peer-dstaddr/srcaddr-srcid/dstid
- * - Peer-dstaddr/srcaddr-/dstid
- * - Peer-dstaddr-srcid/dstid
- * - Peer-dstaddr-/dstid
- * - Peer-dstaddr-srcid
+ * - peer-dstaddr
+ * - peer-dstaddr-local-srcaddr
*/
- if (asprintf(&peer, "Peer-%s%s%s%s%s%s%s", dstbuf, srcaddr ? "/" : "",
- srcaddr ? srcbuf : "", srcid ? "-" : "", srcid ? srcid : "",
- dstid ? (srcid ? "/" : "-/") : "", dstid ? dstid : "") == -1)
+ if (asprintf(&peer, "peer-%s%s%s", dstbuf, srcaddr ? "-local-" : "",
+ srcaddr ? srcbuf : "") == -1)
goto fail;
/*
@@ -3097,9 +3142,16 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
conf_end(af, 0);
goto fail;
}
- /* Set Phase 2 IDs -- this is the Local-ID section. */
- snprintf(lname, sizeof lname, "Phase2-ID:%s/%s/%u/%u", ssflow, ssmask,
- tproto, sport);
+ /*
+ * Set Phase 2 IDs -- this is the Local-ID section.
+ * - from-address
+ * - from-address=proto
+ * - from-address=proto:port
+ * - from-network/masklen
+ * - from-network/masklen=proto
+ * - from-network/masklen=proto:port
+ */
+ phase2id(lname, sizeof lname, "from", ssflow, smasklen, tproto, sport);
if (conf_set(af, conn, "Local-ID", lname, 0, 0)) {
conf_end(af, 0);
goto fail;
@@ -3141,9 +3193,16 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
} else
pf_key_v2_conf_refinc(af, lname);
- /* Set Remote-ID section. */
- snprintf(dname, sizeof dname, "Phase2-ID:%s/%s/%u/%u", sdflow, sdmask,
- tproto, dport);
+ /*
+ * Set Remote-ID section.
+ * to-address
+ * to-address=proto
+ * to-address=proto:port
+ * to-network/masklen
+ * to-network/masklen=proto
+ * to-network/masklen=proto:port
+ */
+ phase2id(dname, sizeof dname, "to", sdflow, dmasklen, tproto, dport);
if (conf_set(af, conn, "Remote-ID", dname, 0, 0)) {
conf_end(af, 0);
goto fail;
@@ -3192,27 +3251,37 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
* At least, we should make this selectable.
*/
- /* Phase 2 configuration. */
+ /*
+ * Phase 2 configuration.
+ * - phase2-from-address-to-address
+ * - ...
+ * - phase2-from-net/len=proto:port-to-net/len=proto:port
+ */
+ snprintf(configname, sizeof configname, "phase2-%s-%s", lname, dname);
if (conf_set(af, conn, "Configuration", configname, 0, 0)) {
conf_end(af, 0);
goto fail;
}
- if (conf_set(af, configname, "Exchange_type", "Quick_mode", 0, 0) ||
- conf_set(af, configname, "DOI", "IPSEC", 0, 0)) {
- conf_end(af, 0);
- goto fail;
- }
- if (conf_get_str("General", "Default-phase-2-suites")) {
- if (conf_set(af, configname, "Suites",
- conf_get_str("General", "Default-phase-2-suites"), 0, 0)) {
+ if (!conf_get_str(configname, "Exchange_type")) {
+ if (conf_set(af, configname, "Exchange_type", "Quick_mode",
+ 0, 0) ||
+ conf_set(af, configname, "DOI", "IPSEC", 0, 0)) {
conf_end(af, 0);
goto fail;
}
- } else {
- if (conf_set(af, configname, "Suites",
- "QM-ESP-3DES-SHA-PFS-SUITE", 0, 0)) {
- conf_end(af, 0);
- goto fail;
+ if (conf_get_str("General", "Default-phase-2-suites")) {
+ if (conf_set(af, configname, "Suites",
+ conf_get_str("General", "Default-phase-2-suites"),
+ 0, 0)) {
+ conf_end(af, 0);
+ goto fail;
+ }
+ } else {
+ if (conf_set(af, configname, "Suites",
+ "QM-ESP-3DES-SHA-PFS-SUITE", 0, 0)) {
+ conf_end(af, 0);
+ goto fail;
+ }
}
}
@@ -3229,8 +3298,7 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
conf_end(af, 0);
goto fail;
}
- snprintf(confname, sizeof confname, "ISAKMP-Configuration-%s",
- peer);
+ snprintf(confname, sizeof confname, "phase1-%s", peer);
if (conf_set(af, peer, "Configuration", confname, 0, 0)) {
conf_end(af, 0);
goto fail;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-12 11:29:20 +0000